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M M/e\come to the exciting world of Web database applications. This book 
WW provides the basic techniques to build any Web database application, 
but 1 certainly recommend that you start with a fairly simple one. In this 
book, I develop two sample applications, both chosen to represent two types 
of applications frequently encountered on the Web: product catalogs and 
customer/member-only sites that require the user to register and log in with 
a password. The sample applications are complicated enough to require 
more than one program and to use a variety of data and data manipulation 
techniques, yet simple enough to be easily understood and adapted to a vari- 
ety of Web sites. After you master the simple applications, you can expand 
the basic design to include all the functionality that you can think of. 



About This Book 

Think of this book as your friendly guide to building a Web database applica- 
tion. This book is designed as a reference, not as a tutorial, so you don't have 
to read this book from cover to cover, unless you want to. You can start read- 
ing at any point in the book — in Chapter 1, Chapter 9, wherever 1 divide the 
task of building a Web database application into manageable chunks of infor- 
mation, so check out the table of contents and locate the topic that you're 
interested in. If you need to know information from another chapter to under- 
stand the chapter you're reading, I reference that chapter number. 

Here's a sample of the topics that 1 discuss in this book: 

Building and using a MySQL database 
1^ Adding PHP to HTML files 

Using the features of the PHP language 
1^ Using HTML forms to collect information from users 
i/* Showing information from a database in a Web page 



Storing information in a database 
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includes many examples of PHP programming statements, MySQL 
statements, or HTML. Such statements in this book are shown in a different 
typeface that looks like the following line: 



A PHP program statement 



In addition, snippets or key terms of PHP, MySQL, and HTML are sometimes 
shown in the text of a paragraph. When they are, the special text in the para- 
graph is also shown in the example typeface, different than the paragraph 
typeface. For instance, this text is an example of a PHP statement, showing 
the exact text, within the paragraph text. 

In examples, you will often see some words in italic. Italicized words are gen- 
eral types that need to be replaced with the specific name appropriate for 
your data. For instance, when you see an example like the following 



SELECT fieldl ,f1elcl2 FROM tablename 



you know that fieldl, fi el d2, and tabl ename need to be replaced with real 
names because they are in italic. When you use this statement in your pro- 
gram, you might use it in the following form: 



SELECT name, age FROM Customer 



In addition, you might see three dots (...) following a list in an example line. 
You don't need to type the three dots. The three dots just mean that you can 
have as many items in the list as you want. For instance, when you see the 
following line 



SELECT fieldl ,f1eld2 ,.. . FROM tablename 



you don't need to include the three dots in the statement. The three dots just 
mean that your list of fields can be longer than two. It means you can go on 
with f i el d3, f i el d4, and so forth. For example, your statement might be 

SELECT name , age , hei ght , shoesi ze FROM Customer 

From time to time, you'll also see some things in bold type. Pay attention to 
these; they either indicate something 1 want you to see or something that you 
need to type in. 
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rmation in this book is flagged as Technical Stuff with an icon off to 
the left side. Sometimes you'll see this technical stuff is in a sidebar: Consider 
it information that you don't need to read in order to create a Web database 
application. This extra info might contain a further look under the hood or 
perhaps describe a technique that requires more technical knowledge to exe- 
cute. Some readers may be interested in the extra technical information or 
techniques, but feel free to ignore them if you don't find them interesting or 
useful. 



Foolish Assumptions 

To write a focused book rather than an encyclopedia, I need to assume some 
background for you, the reader 1 am assuming that you know HTML and have 
created Web sites with HTML. Consequently, although I use HTML in many 
examples, 1 do not explain the HTML. If you don't have an HTML background, 
this book will be more difficult for you to use. 1 suggest that you read an 
HTML book — such as HTML 4 For Dummies, 4th Edition, by Ed Tittel and 
Natanya Pitts, or HTML 4 For Dummies Quick Reference, 2nd Edition, by 
Deborah S. Ray and Eric J. Ray (Wiley) — and build some practice Web pages 
before you start this book. In particular, some background in HTML forms 
and tables is useful. However, if you're the impatient type, 1 won't tell you it's 
impossible to proceed without knowing HTML. You may be able to glean 
enough HTML from this book to build your particular Web site. If you choose 
to proceed without knowing HTML, 1 would suggest that you have an HTML 
book by your side to assist you when you need to figure out some HTML that 
isn't explained in this book. 

If you are proceeding without any experience with Web pages, you might not 
know some basics that are required. You must know how to create and save 
plain text files with an editor such as Notepad or save the file as plain text 
from your word processor (not in the word processor format). You also must 
know where to put the text files containing the code (HTML or PHP) for your 
Web pages so that the Web pages are available to all users with access to 
your Web site, and you must know how to move the files to the appropriate 
location. 

You do not need to know how to design or create databases or how to 
program. All the information that you need to know about databases and 
programming is included in this book. 
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is divided into six parts, with several chapters in each part. The 
content ranges from an introduction to PHP and MySQL to installation to cre- 
ating and using databases to writing PHP programs. 



Part 1: Oei/etapin^ a Web database 
Application Usin^ PHP anil Mt^SQL 

This part provides an overview of using PHP and MySQL to create a Web 
database application. It describes and gives the advantages of PHP, of MySQL, 
and of their use together. You find out how to get started, including what you 
need, how to get access to PHP and MySQL, and how to test your software. 
You then find out about the process of developing the application. 



Part 11: Mi^SQL Database 

This part provides the details of working with MySQL databases. You find out 
how to create a database, change a database, and move data in and out of a 
database. 



Pan 111: PHP 

This part provides the details of writing PHP programs that enable your Web 
pages to insert new information, update existing information, or remove 
information from a MySQL database. You find out how to use the PHP fea- 
tures that are used for database interaction and forms processing. 




Part W: Applications 

Part IV describes the Web database application as a whole. You find out how 
to organize the PHP programs into a functioning application that interacts 
with the database. Two complete sample applications are provided, 
described, and explained. 
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Part V: The Part of Tens 



provides some useful lists of important things to do and not to do 
eloping a Web database application. 



Part Uh Appendixes 

This part provides instructions for installing PHP and MySQL for those who 
need to install the software themselves. Appendix C discusses the installation 
and use of Web servers, such as Apache and IIS, for those who need to install 
and administer the Web server themselves. 



Icons Used in This Book 







Tips provide extra information for a specific purpose. Tips can save you time 
and effort, so they're worth checking out. 



You should always read warnings. Warnings emphasize actions that you must 
take or must avoid to prevent dire consequences. 



This icon flags information and techniques that are more technical than other 
sections of the book. The information here can be interesting and helpful, but 
you don't need to understand it to use the information in the book. 



This icon is a sticky note of sorts, highlighting information that's worth 
committing to memory. 



K/here to Go from Here 

This book is organized in the order in which things need to be done. If you're 
a total newbie, you probably need to start with Part 1, which describes how 
to get started, including how to design the pieces of your application and 
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how the pieces will interact. When implementing your application, you need 
to create the MySQL database first, so 1 discuss MySQL before PHP. After you 
nd the details of MySQL and PHP, you need to put them together 
plete application, which 1 describe in Part IV. If you're already 
familiar with any part of the book, you can go directly to the part that you 
need. For instance, if you're familiar with database design, you can go 
directly to Part 11, which describes how to implement the design in MySQL. 
Or if you know MySQL well, you can just read about PHP in Part III. 
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/« this part . . . 

Mn this part, I provide an overview. I describe PHP and 
4^ MySQL, how each one works, and how they work 
together to make your Web database application possible. 
After describing your tools, I show you how to set up your 
working environment. I present your options for accessing 
PHP and MySQL and point out what to look for in each 
environment. 

After describing your tools and your options for your 
development environment, I provide an overview of the 
development process. 1 discuss planning, design, and 
building your application. 



Chapter 1 

niroifuction to PHP and MySQL 



In This Chapter 

^ Finding out wliat a Web database application is 

^ Taking a look at PHP 

^ Discovering how MySQL works 

^ Finding out how PHP and MySQL work together 

• ••••..•••»•«•«•»•«>•>«»••••••••••••••••••••••••••• 

50 you need to develop an interactive Web site. Perhaps your boss just 
put you in charge of the company's online product catalog. Or you want 
to develop your own Web business. Or your sister wants to sell her paintings 
online. Or you volunteered to put up a Web site open only to members of 
your circus acrobats' association. Whatever your motivation might be, you 
can see that the application needs to store information (for instance, informa- 
tion about products, information about paintings, member passwords), thus 
requiring a database. You can also see that the application needs to interact 
dynamically with the user; for instance, the user selects a product to view, 
or the user enters membership information. This type of Web site is a Web 
database application. 

1 assume that you've created static Web pages before, using HTML 
(HyperText Markup Language), but creating an interactive Web site is a new 
challenge, as is designing a database. You asked three computer gurus you 
know what you should do. They said a lot of things you didn't understand, 
but among the technical jargon, you heard "quick" and "easy" and "free" men- 
tioned in the same sentence as PHP and MySQL. Now you want to know more 
about using PHP and MySQL to develop the Web site that you need. 

PHP and MySQL work together very well; it's a dynamic partnership. In this 
chapter, you find out the advantages of each, how each one works, and how 
they work together to produce a dynamic Web database application. 
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ation is a program or a group of programs designed for use by an 
end user (for example, customers, members, circus acrobats, and so on). If 
tfie end user interacts with the application via a Web browser, the application 
is a Web-based or Web application. If the Web application requires the long- 
term storage of information, using a database, it is a Web database applica- 
tion. This book provides you with the information that you need to develop a 
Web database application that can be accessed with Web browsers such as 
Internet Explorer and Netscape. 

A Web database application is designed to help a user accomplish a task. It 
can be a simple application that displays information in a browser window 
(for example, it displays current job openings when the user selects a job 
title) or a complicated program with extended functionality (for example, the 
book-ordering application at Amazon.com or the bidding application at eBay). 

Not surprisingly, a Web database application consists of a database and an 
application — just two pieces: 
[ 

1^ Database: The database is the long-term memory of your Web database 
application. The application can't fulfill its purpose without the data- 
base. However, the database alone is not enough. 

1^ Application: The application piece is the program or group of programs 
that performs the tasks. Programs create the display that the user sees 
in the browser window; they make your application interactive by 
accepting and processing information that the user types in the browser 
window and they store information in the database and get information 
out of the database. (The database is useless unless you can move data 
in and out.) 

The Web pages that you've previously created with HTML alone are static, 
meaning the user can't interact with the Web page. All users see the same 
Web page. Dynamic Web pages, on the other hand, allow the user to interact 
with the Web page. Different users might see different Web pages. For instance, 
one user looking at a furniture store's online product catalog might choose to 
view information about the sofas, whereas another user might choose to view 
information about coffee tables. To create dynamic Web pages, you must use 
another language in addition to HTML. 

One language widely used to make Web pages dynamic is JavaScript. 
JavaScript is useful for several purposes, such as mouse-overs (for example, 
to highlight a navigation button when the user moves the mouse pointer over 
it) or accepting and validating information that users type into a Web form. 
However, it's not useful for interacting with a database. You wouldn't use 
JavaScript to move the information from the Web form into a database. PHP, 
however, is a language that is particularly well suited to interacting with data- 
bases. PHP can accept and validate the information that users type into a 
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in this book are written with PHP. 
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The core of a Web database application is the database, which is the long- 
term memory (hopefully more efficient than my long-term memory) that 
stores information for the application. A database is an electronic file cabinet 
that stores information in an organized manner so that you can find it when 
you need it. After all, storing information is pointless if you can't find it. A 
database can be small, with a simple structure — for example, a database 
containing the titles and authors' names of all the books that you own. Or a 
database can be huge, with an extremely complex structure — such as the 
database that Amazon.com must have to hold all its information. 



E-mail discussion lists 



Good technical support is available from e-mail 
discussion lists. E-mail discussion lists are 
groups of people discussing specific topics via 
e-mail. E-mail lists are available for pretty much 
any subjectyou can think of: Powerball, ancient 
philosophy, cooking, the Beatles, Scottish terri- 
ers, politics, and so on. The discussion takes 
place via e-mail. The list manager maintains a 
distribution list of e-mail addresses for anyone 
who wants to join the discussion. When you 
send a message to the discussion list, your mes- 
sage is sent to the entire list so that everyone 
can see it. Thus, the discussion is a group effort, 
and anyone can respond to any message that 
interests him or hen 

E-mail discussion lists are supported by various 
sponsors. Any individual or organization can run 
a list Most software vendors run one or more 
lists devoted to their software. Universities run 
many lists for educational subjects. In addition, 
some Web sites manage discussion lists, such 
as Yahoo! Groups and Topica. Users can create 
a new list or join an existing list via the Web 
application. 

Software-related e-mail lists are a treasure 
trove of technical support Anywhere from a 



hundred to several thousand users of the soft- 
ware subscribe to the list. Many have extensive 
experience with the software. Often the devel- 
opers, programmers, and technical support 
staff for the software vendor are on the list 
Whatever your question or problem, someone 
on the list probably knows the answer or the 
solution. You are unlikely to be the first person 
to ever experience your problem. When you 
post a question to an e-mail list, the answer usu- 
ally appears in your Inbox within minutes. In 
addition, most lists maintain an archive of pre- 
vious discussions so that you can search for 
answers to your specific problem. When you're 
new to any software, you can find out a great 
deal simply by joining the discussion lists forthe 
software and reading the messages for a few 
days. 

Of course, PHP and MySQL have e-mail discus- 
sion lists. Actually, each has several discussion 
lists for special topics, such as databases and 
PWPYou can find the names of the mailing lists 
and instructions for joining them on the PHP and 
MySQL Websites. 
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The information that you store in the database comes in many varieties. A 
company's online catalog requires a database to store information about all 
any's products. A membership Web site requires a database to store 
fon about members. An employment Web site requires a database 
(or perhaps two databases) to store information about job openings and 
information from resumes. The information that you plan to store could be 
similar to information that's stored by Web sites all over the Internet — or 
information that's unique to your application. 

Technically, the term database refers to the file or group of files that holds the 
actual data. The data is accessed by using a set of programs called a DBMS 
(Database Management System). Almost all DBMSs these days are RDBMSs 
(Relational Database Management Systems), in which data is organized and 
stored in a set of related tables. 

In this book, MySQL is the RDBMS used because it is particularly well suited 
for Web sites. MySQL and its advantages are discussed in the section, 
"MySQL, My Database," later in this chapter You can find out about how to 
organize and design a MySQL database in Chapter 3. 



The application: Moi/ing^ data in 
and out of the database 

For the database to be useful, you need to be able to move data into and out 
of it. Programs are your tools for this because they interact with the database 
to store and retrieve data. A program connects to the database and makes a 
request: "Take this data and store it in the specified location." Another pro- 
gram makes the request: "Find the specified data and give it to me." The 
application programs that interact with the database run when the user inter- 
acts with the Web page. For instance, when the user clicks the submit button 
after filling in a Web form, a program processes the information in the form 
and stores it in a database. 



MifSQL, Mif DataBase 

MySQL is a fast, easy-to-use RDBMS used for databases on many Web sites. 
Speed was the developers' main focus from the beginning. In the interest of 
speed, they made the decision to offer fewer features than their major com- 
petitors (for instance, Oracle and Sybase). However, even though MySQL is 
less full featured than its commercial competitors, it has all the features 
needed by the large majority of database developers. It's easier to install and 
use than its commercial competitors, and the difference in price is strongly in 
MySQL's favor 
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MySQL is developed, marketed, and supported by MySQL AB, which is a 
Swedish company. The company licenses it two ways: 



in source software: MySQL is available via the GNU GPL (General 
Public License) for no charge. Anyone who can meet the requirements of 
the GPL can use the software for free. If you're using MySQL as a data- 
base on a Web site (the subject of this book), you can use MySQL for 
free, even if you're making money with your Web site. 

Commercial license: MySQL is available with a commercial license for 
those who prefer it to the GPL. If a developer wants to use MySQL as 
part of a new software product and wants to sell the new product, rather 
than release it under the GPL, the developer needs to purchase a com- 
mercial license. The fee is very reasonable. 



Finding technical support for MySQL is not a problem. You can join one of 
several e-mail discussion lists offered on the MySQL Web site at www . mysql . 
com. You can even search the e-mail list archives, which contain a large 
knowledge base of MySQL questions and answers. If you're more comfortable 
getting commercial support, MySQL AB offers technical support contracts — 
five support levels, ranging from direct e-mail support to phone support, at 
five price levels. 



Advantages ofMi^SQL 

MySQL is a popular database with Web developers. Its speed and small size 
make it ideal for a Web site. Add to that the fact that it's open source, which 
means free, and you have the foundation of its popularity. Here is a rundown 
of some of its advantages: 

1^ It's fast. The main goal of the folks who developed MySQL was speed. 
Consequently, the software was designed from the beginning with speed 
in mind. 

1/^ It's inexpensive. MySQL is free under the open source GPL license, and 
the fee for a commercial license is very reasonable. 

1^ It's easy to use. You can build and interact with a MySQL database by 
using a few simple statements in the SQL language, which is the stan- 
dard language for communicating with RDBMSs. Check out Chapter 4 for 
the lowdown on the SQL language. 

1^ It can run on many operating systems. MySQL runs on a wide variety of 
operating systems — Windows, Linux, Mac OS, most varieties of Unix 
(including Solaris, AIX, and DEC Unix), FreeBSD, OS/2, Irix, and others. 

Technical support is widely available. A large base of users provides 
free support via mailing lists. The MySQL developers also participate in 
the e-mail lists. You can also purchase technical support from MySQL AB 
for a very small fee. 
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\^ It's secure. MySQL's flexible system of authorization allows some or all 
database privileges (for example, the privilege to create a database or 
te data) to specific users or groups of users. Passwords are 
ypted. 

It supports large databases. MySQL handles databases up to 50 million 
rows or more. The default file size limit for a table is 4GB, but you can 
increase this (if your operating system can handle it) to a theoretical 
limit of 8 million terabytes (TB). 

It's customizable. The open source GPL license allows programmers to 
modify the MySQL software to fit their own specific environments. 



HovO Mi^SQL Works 

The MySQL software consists of the MySQL server, several utility programs 
that assist in the administration of MySQL databases, and some supporting 
software that the MySQL server needs (but you don't need to know about). 
The heart of the system is the MySQL server. 

The MySQL server is the manager of the database system. It handles all your 
database instructions. For instance, if you want to create a new database, you 
send a message to the MySQL server that says "create a new database and 
call it newdata." The MySQL server then creates a subdirectory in its data 
directory, names the new subdirectory newdata, and puts the necessary files 
with the required format into the newdata subdirectory. In the same manner, 
to add data to that database, you send a message to the MySQL server, giving 
it the data and telling it where you want the data to be added. You find out 
how to write and send messages to MySQL in Part II of this book. 

Before you can pass instructions to the MySQL server, it must be running and 
waiting for requests. The MySQL server is usually set up so that it starts 
when the computer starts and continues running all the time. This is the 
usual setup for a Web site. However, it's not necessary to set it up to start 
when the computer starts. If you need to, you can start it manually whenever 
you want to access a database. When it's running, the MySQL server listens 
continuously for messages that are directed to it. 



Communicating uOith the Mt^SQL seri/er 

All your interaction with the database is done by passing messages to the 
MySQL server You can send messages to the MySQL server several ways, but 
this book focuses on sending messages by using PHP. The PHP software has 
specific statements that you use to send instructions to the MySQL server. 
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The MySQL server must be able to understand the instructions that you send 
it. You communicate by using SQL (Structured Query Language), which is a 
language understood by many RDBMSs. The MySQL server under- 
L. PHP doesn't understand SQL, but it doesn't need to: PHP just 
establishes a connection with the MySQL server and sends the SQL message 
over the connection. The MySQL server interprets the SQL message and fol- 
lows the instructions. The MySQL server sends a return message, stating its 
status and what it did (or reporting an error if it was unable to understand or 
follow the instructions). For the lowdown on how to write and send SQL mes- 
sages to MySQL, check out Part 11 of this book. 



PHP, a Data Mof/er 



PHP, a scripting language designed specifically for use on the Web, is your 
tool for creating dynamic Web pages. Rich in features that make Web design 
and programming easier, PHP is in use on over 13 million domains (according 
to the Netcraft survey at www . p hp . net /usage . p hp). Its popularity continues 
to grow, meaning that it must be fulfilling its function pretty well. 



PHP stands for PHP: HyperText Preprocessor. In its early development by a guy 
named Rasmus Lerdorf , it was called Personal Home Page tools. When it 
developed into a full-blown language, the name was changed to be more in 
line with its expanded functionality. 

The PHP language's syntax is similar to the syntax of C, so if you have experi- 
ence with C, you'll be comfortable with PHP. PHP is actually simpler than C 
because it doesn't use some of the more difficult concepts of C. PHP also 
doesn't include the low-level programming capabilities of C because PHP is 
designed to program Web sites and doesn't require those capabilities. 

PHP is particularly strong in its ability to interact with databases. PHP sup- 
ports pretty much every database you've ever heard of (and some you 
haven't). PHP handles connecting to the database and communicating with it. 
You don't need to know the technical details for connecting to a database or 
for exchanging messages with it. You tell PHP the name of the database and 
where it is, and PHP handles the details. It connects to the database, passes 
your instructions to the database, and returns the database response to you. 

Technical support is available for PHP. You can join one of several e-mail dis- 
cussion lists offered on the PHP Web site (www . php .net), including a list for 
databases and PHP. In addition, a Web interface to the discussion lists is avail- 
able at news . php . net, where you can browse or search the messages. 
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Advantages of PHP 

1^ 1"^ ^^tj^Qilarity of PHP is growing rapidly because of its many advantages: 



1^ It's fast. Because it is embedded in HTML code, the response time is 
short. 

1^ It's inexpensive — free, in fact. PHP is proof that free lunches do exist 
and that you can get more than you paid for. 

It's easy to use. PHP contains many special features and functions 
needed to create dynamic Web pages. The PHP language is designed to 
be included easily in an HTML file. 

It can run on many operating systems. It runs on a wide variety of oper- 
ating systems — Windows, Linux, Mac OS, and most varieties of Unix. 

Technical support is widely available. A large base of users provides 
free support via e-mail discussion lists. 

It's secure. The user does not see the PHP code. 

It's designed to support databases. PHP includes functionality designed 
to interact with specific databases. It relieves you of the need to know 
the technical details required to communicate with a database. 

It's customizable. The open source license allows programmers to 
modify the PHP software, adding or modifying features as needed to fit 
their own specific environments. 



Hotx; PHP vVorks 



PHP is an embedded scripting language when used in Web pages. This means 
that PHP code is embedded in HTML code. You use HTML tags to enclose the 
PHP language that you embed in your HTML file — the same way that you 
would use other HTML tags. You create and edit Web pages containing PHP 
the same way that you create and edit regular HTML pages. 



The PHP software works in conjunction with the Web server. The Web server 
is the software that delivers Web pages to the world. When you type a URL 
into your Web browser, you're sending a message to the Web server at that 
URL, asking it to send you an HTML file. The Web server responds by sending 
the requested file. Your browser reads the HTML file and displays the Web 
page. You also request the Web server to send you a file when you click a link 
in a Web page. In addition, the Web server processes a file when you click a 
Web page button that submits a form. 
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When PHP is installed, the Web server is configured to expect certain file 
extensions to contain PHP language statements. Often the extension is . php 
but any extension can be used. When the Web server gets a 
r a file with the designated extension, it sends the HTML state- 
ments as-is, but PHP statements are processed by the PHP software before 
they're sent to the requester. 



When PHP language statements are processed, only the output is sent by the 
Web server to the Web browser. The PHP language statements are not 
included in the output sent to the browser, so the PHP code is secure and 
transparent to the user For instance, in this simple PHP statement: 



<?php echo "<p>Hello World"; ?> 



<?php is the PHP opening tag, and ?> is the closing tag. echo is a PHP instruc- 
tion that tells PHP to output the upcoming text. The PHP software processes 
the PHP statement and outputs this: 



<p>Hello World 



which is a regular HTML statement. This HTML statement is delivered to the 
user's browser The browser interprets the statement as HTML code and dis- 
plays a Web page with one paragraph — Hello World. The PHP statement is 
not delivered to the browser, so the user never sees any PHP statements. 

PHP and the Web server must work closely together PHP is not integrated 
with all Web servers, but it does work with many of the most popular Web 
servers. PHP is developed as a project of the Apache Software Foundation — 
consequently, it works best with Apache. PHP also works with Microsoft IIS/ 
PWS, iPlanet (formerly Netscape Enterprise Server), and others. 

Although PHP works with several Web servers, it works best with Apache. If 
you can select or influence the selection of the Web server used in your orga- 
nization, select Apache. By itself. Apache is a good choice. It is free, open 
source, stable, and popular. It currently powers over 60 percent of all Web 
sites, according to the Web server survey at www . netcraf t . com. It runs on 
Windows, Linux, Mac OS, and most flavors of Unix. 



MifSQL and PHP, the Perfect Pair 

MySQL and PHP are frequently used together. They are often called the 
dynamic duo. MySQL provides the database part, and PHP provides the appli- 
cation part of your Web database application. 
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id PHP as a pair have several advantages: 



They're free. It's hard to beat free for cost-effectiveness. 

They're Web-oriented. Both were designed specifically for use on Web 
sites. Both have a set of features that are focused on building dynamic 
Web sites. 

They're easy to use. Both were designed to get a Web site up quickly. 

1^ They're fast. Both were designed with speed as a major goal. Together 
they provide one of the fastest ways to deliver dynamic Web pages to 
users. 

They communicate well with one another. PHP has built-in features for 
communicating with MySQL. You don't need to know the technical 
details; just leave it to PHP. 

A wide base of support is available for both. Both have large user 
bases. Because they are often used as a pair, they often have the same 
user base. Many people are available to help, including those on e-mail 
discussion lists who have experience using MySQL and PHP together 

They're customizable. Both are open source, thus allowing program- 
mers to modify the PHP and MySQL software to fit their own specific 
environments. ^ 

HovV Mi^SQL and PHP u/ork together 

PHP provides the application part, and MySQL provides the database part of 
a Web database application. You use the PHP language to write the programs 
that perform the application tasks. PHP is flexible enough to perform all the 
tasks that your application requires. It can be used for simple tasks (such as 
displaying a Web page) or for complicated tasks (such as accepting and veri- 
fying data that a user typed into an HTML form). One of the tasks that your 
application must do is move data into and out of the database — and PHP 
has built-in features to use when writing programs that move data into and 
out of a MySQL database. 

PHP statements are embedded in your HTML files with PHP tags. When the 
task to be performed by the application requires storing or retrieving data, 
you use specific PHP statements designed to interact with a MySQL database. 
You use one PHP statement to connect to the correct database, telling PHP 
where the database is located, its name, and the password needed to connect 
to it. The database doesn't need to be on the same machine as your Web site; 
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PHP can communicate with a database across a network. You use another 
PHP statement to send instructions to MySQL. You send an SQL message 

e connection, giving MySQL instructions for the task that you want 
SQL returns a status message that shows whether it successfully 
performed the task. If there was a problem, it returns an error message. If 
your SQL message asked to retrieve some data, MySQL sends the data that 
you asked for, and PHP stores it in a temporary location where it is available 
to you. 

You then use one or more PHP statements to complete the application task. 
For instance, you can use PHP statements to display data that you retrieved. 
Or you might use PHP statements to display a status message in the browser, 
informing the user that the data was saved. 

As an RDBMS, MySQL can store very complex information. As a scripting lan- 
guage, PHP can perform very complicated manipulation of data, either data 
that you need to modify before saving it in the database or data that you 
retrieved from the database and need to modify before displaying or using it 
for another task. Together, PHP and MySQL can be used to build a Web data- 
base application that has a very sophisticated and complicated purpose. 



Keeping Up u/ith PHP and 
MySQL Changes ■ 

PHP and MySQL are open source software. If you've only used software from 
major software publishers — such as Microsoft, Macromedia, or Adobe — 
you'll find that open source software is an entirely different species. It's 
developed by a group of programmers who write the code in their spare time, 
for fun and for free. There's no corporate office. 

Open source software changes frequently, rather than once every year or two 
like commercial software does. It changes when the developers feel that it's 
ready. It also changes quickly in response to problems. When a serious prob- 
lem is found — such as a security hole — a new version that fixes the prob- 
lem can be released in days. You don't receive glossy brochures or see 
splashy magazine ads for a year before a new version is released. Thus, if you 
don't make the effort to stay informed, you could miss the release of a new 
version or be unaware of a serious problem with your current version. 

Visit the PHP and MySQL Web sites often. You need to know the information 
that's published there. Join the mailing lists, which often are very high in traf- 
fic. When you first get acquainted with PHP and MySQL, the large number of 
mail messages on the discussion lists bring valuable information into your 
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e-mail box; you can pick up a lot by reading those messages. And soon, you 
might be able to help others based on your own experience. At the very least, 
the announcement mailing list, which only delivers e-mail occa- 
mportant problems or new versions are announced here. The 
e-mail that you receive from the announcement list contains information 
that you need to know. So, right now, before you forget, hop over to the PHP 
and MySQL Web sites and sign up for a list or two at www . php . net/ 
ma i 1 i ng- 1 i sts . php and lists. my sql .com. 



^\NG.' You should be aware of some significant changes in previous PHP versions 
^/ because existing scripts that work fine on earlier versions could have prob- 

lems when they're run on a later version and vice versa. The following are 
some changes that you should be aware of: 



Version 5.0.0: Added support for MySQL 4.1. Support for MySQL 4.0 is 
not included automatically; it must be included with an option when 
PHP is installed. Changed the filename of the PHP interpreter used with 
a Web server from . php to . php cgi . 

1^ Version 4.3.1: Fixed a security problem in 4.3.0. It's not wise to continue 
to run a Web site using versions 4.3.0 or earlier. 

V Version 4.2.0: Changed the default setting for regi ster_gl oba 1 s 
to Off. Scripts running under previous versions might depend on 
register_globals being set to 0 n and could stop running with the 
new setting. It's best to change the coding of the script so that it runs 
with regi ster_gl oba 1 s set to Off. 

1^ Version 4.1.0: Introduced the superglobal arrays. Scripts written with 
the superglobals (as I describe in Chapter 6) won't run in earlier ver- 
sions. Prior to 4.L0, you must use the old style arrays, such as 

$HTTP_POST_VARS. 



Chapter 2 

°^°Wg%You7wbrk Environment 

In This Chapter 

► Getting access to PHP and MySQL through company Web sites 
and Web hosting companies 

^ Building your own Web site from scratch 

^ Testing PHP and MySQL 



J!M fter you decide to use PHP and MySQL, your first task is to get access to 
r » them. A work setting already set up for Web application development 
might be ready and waiting for you with all the tools that you need. On the 
other hand, it might be part of your job to set up this work setting yourself. 
Perhaps your job is to create a whole new Web site. In this chapter, 1 describe 
the tools that you need and how to get access to them. 



The Required Toots 
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To put up your dynamic Web site, you need to have access to the following 
three software tools; 

A Web server: The software that delivers your Web pages to the world 

1^ MySQL: The RDBMS (Relational Database Management System) that will 
store information for your Web database application 

PHP: The scripting language that you'll use to write the programs that 
provide the dynamic functionality for your Web site 

I describe these three tools in detail in Chapter 1. 
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your dynamic Web pages, you need access to a Web site that pro- 
vides your three software tools (see the preceding section). All Web sites 
include a Web server, but not all Web sites provide MySQL and PHP. These 
are the most common environments in which you can develop your Web site: 



A Web site put up by a company on its own computer: The company — 
usually the company's IT (Information Technology) department — 
installs and administers the Web site software. Your job, for the pur- 
poses of this book, is to program the Web site, either as an employee of 
the company or as a contractor 

A Web site that's hosted by a Web hosting company: The Web site is 
located on the Web hosting company's computer. The Web hosting com- 
pany installs and maintains the Web site software and provides space on 
its computer where you can install the HTML (HyperText Markup 
Language) files for a Web site. 

A Web site that doesn't yet exist: You plan to install and maintain the 
Web site software yourself. It could be a Web site of your own that 
you're building on your own computer, or it might be a Web site that 
you're installing for a client on the client's computer 



How much you need to understand about the administration and operation 
of the Web site software depends on the type of Web site access that you 
have. In the next few sections, 1 describe these environments in more detail 
and explain how you gain access to PHP and MySQL. 



A compant^ Web site 

When the Web site is run by the company, you don't need to understand the 
installation and administration of the Web site software at all. The company 
is responsible for the operation of the Web site. In most cases, the Web site 
already exists, and your job is to add to, modify, or redesign the existing Web 
site. In a few cases, the company might be installing its first Web site, and 
your job is to design the Web site. In either case, your responsibility is to 
write and install the HTML files for the Web site. You are not responsible for 
the operation of the Web site. 

You access the Web site software through the company's IT department. The 
name of this department can vary in different companies, but its function is 
the same: It keeps the company's computers running and up-to-date. 
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If PHP and/or MySQL aren't available on the company's Web site, IT needs to 
install them and make them available to you. PHP and MySQL have many 
put IT might not understand the best options — and might have 
et in ways that aren't well suited for your purposes. If you need PHP 
or MySQL options changed, you need to request that IT make the change; you 
won't be able to make the change yourself. For instance, PHP must be 
installed with MySQL support enabled, so if PHP isn't communicating cor- 
rectly with MySQL, IT might have to reinstall PHP with MySQL support 
enabled. 



In order for the world to see the company's Web pages, the HTML files must 
be in a specific location on the computer. The Web server that delivers the 
Web pages to the world expects to find the HTML files in a specific directory. 
The IT department should provide you with access to the directory where 
the HTML files need to be installed. In most cases, you develop and test your 
Web pages in a test location and then transfer the completed files to their 
permanent home. Depending on the access that IT gives you, you might copy 
the files from the test location to the permanent location, or you might trans- 
fer the files via FTP (File Transfer Protocol), which is a method of copying a 
file from one computer to another on a network). In some cases, for security 
reasons, the IT folks won't give you access to the permanent location, prefer- 
ring to install the files in their permanent location themselves. 

In order to use the Web software tools and build your dynamic Web site, you 
need the following information from IT: 

1^ The location of Web pages: You need to know where to put the files for 
the Web pages. IT needs to provide you with the name and location of 
the directory where the files should be installed. Also, you need to know 
how to install the files — copy them, FTP them, or use other methods. 
You might need a user ID and password in order to install the files. 

1^ The default file name: When users point their browsers at a URL, a file 
is sent to them. The Web server is set up to send a file with a specific 
name when the URL points to a directory. The file that is automatically 
sent is the default file. Very often the default file is named i ndex . htm or 
i ndex . html , but sometimes other names are used, such as def a ul t . htm. 
Ask IT what you should name your default file. 

A MySQL account: Access to MySQL databases is controlled through a 
system of account names and passwords. IT sets up a MySQL account 
for you that has the appropriate permissions and also gives you the 
MySQL account name and password. (1 explain MySQL accounts in detail 
in Chapter 5.) 
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1*^ The location of the MySQL databases: MySQL databases need not be 
located on the same computer as the Web site. If the MySQL databases 



ocated on a computer other than that of the Web site, you need to 
the hostname (for example, thor . companyname . corn) where the 
databases can be found. 



1^ The PHP Hie extension: When PHP is installed, the Web server is 
instructed to expect PHP statements in files with specific extensions. 
Frequently, the extensions used are . php or . phtml , but other exten- 
sions can be used. PHP statements in files that don't have the correct 
extension won't be processed. Ask IT what extension to use for your 
PHP programs. 

You will interact with the IT folks frequently as needs arise. For example, you 
might need options changed, you might need information to help you inter- 
pret an error message, or you might need to report a problem with the Web 
site software. So a good relationship with the IT folks will make your life 
much easier. Bring them tasty cookies and doughnuts often. 



A Web hasting compani^ 

A Web hosting company provides everything that you need to put up a Web 
site, including the computer space and all the Web site software. You just 
create the files for your Web pages and move them to a location specified by 
the Web hosting company. 

About a gazillion companies offer Web hosting services. Most charge a 
monthly fee (often quite small), and some are even free. (Most, but not all, of 
the free ones require you to display advertising.) Usually, the monthly fee 
varies depending on the resources provided for your Web site. For instance, a 
Web site with 2MB of disk space for your Web page files would cost less than 
a Web site with 10MB of disk space. 

When looking for a place to host your Web site, make sure that the Web host- 
ing company offers the following: 

PHP and MySQL: Not all companies provide these tools. You might have 
to pay more for a site with access to PHP and MySQL; sometimes you 
have to pay an additional fee for MySQL databases. 

A recent version of PHP: Sometimes the PHP versions offered aren't the 
most recent versions. You certainly shouldn't even consider a Web site 
that has access only to PHP 3. You want PHP 4 at least. Preferably, you 
want access to PHP 5. 

Other considerations when choosing a Web hosting company are 
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Iy Reliability: You need a Web hosting company that you can depend on — 
one that won't go broke and disappear tomorrow, and one that isn't run- 
l^iuig on old computers, held together by chewing gum and baling wire, 
l^mth more downtime than uptime. 

1^ Speed: Web pages that download slowly are a problem because users 
will get impatient and go elsewhere. Slow pages could be a result of a 
Web hosting company that started its business on a shoestring and has 
a shortage of good equipment — or the Web hosting company might be 
so successful that its equipment is overwhelmed by new customers. 
Either way, Web hosting companies that deliver Web pages too slowly 
are unacceptable. 

Technical support: Some Web hosting companies have no one available 
to answer questions or troubleshoot problems. Technical support is 
often provided through e-mail only, which can be acceptable if the 
response time is short. Sometimes you can test the quality of the com- 
pany's support by calling the tech support number, or test the e-mail 
response time by sending an e-mail. 

1^ The domain name: Each Web site has a domain name that Web 
browsers use to find the site on the Web. Each domain name is regis- 
tered for a small yearly fee so that only one Web site can use it. Some 
Web hosting companies allow you to use a domain name that you have 
registered independently of the Web hosting company, some assist you 
in registering and using a new domain name, and some require that you 
use their domain name. For instance, suppose that your name is Lola 
Designer and you want your Web site to be named LoIaDesigner Some 
Web hosting companies will allow your Web site to be Lol aDesi gner . 
com, but some will require that your Web site be named LoIaDesigner. 
webhostingcorTipanynarTie.coni,orwebhostingcorTipanynarrie.corTi/~ 
Lol aDesi gner, or something similar In general, your Web site will look 
more professional if you use your own domain name. 

1^ Backups: Backups are copies of your Web page files and your database 
that are stored in case your files or database are lost or damaged. You 
want to be sure that the company makes regular, frequent backup copies 
of your application. You also want to know how long it would take for 
backups to be put in place to restore your Web site to working order 
after a problem. 

1^ Features: Select features based on the purpose of your Web site. 
Usually a hosting company bundles features together into plans — 
more features = higher cost. Some features to consider are 

• Disk space: How many MB/GB of disk space will your Web site 
require? Media files, such as graphics or music files, can be quite 
large. 

• Data transfer: Some hosting companies charge you for sending 
Web pages to users. If you expect to have a lot of traffic on your 
Web site, this cost should be a consideration. 
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E-mail addresses: Many hosting companies provide you with a 
number of e-mail addresses for your Web site. For instance, if your 
Web site is Lol aDesi gner .com, you could allow users to send you 
e-mail at me@Lol aDesi gner .com. 

Software: Hosting companies offer access to a variety of software 
for Web development. PHP and MySQL are the software that 1 dis- 
cuss in this book. Some hosting companies might offer other data- 
bases, and some might offer other development tools such as 
FrontPage extensions, shopping cart software, and credit card 
validation. 

• Statistics: Often you can get statistics regarding your Web traffic, 
such as the number of users, time of access, access by Web page, 
and so on. 




Domain names 



Every Web site needs a unique address on the 
Web. The unique address used by computers to 
locate a Web site is the IP address, which is a 
series of four numbers between 0 and 255, sep- 
arated by dots — for example, 172 . 17 . 204 . 2 
orl92.163.2.33. 

Because IP addresses are made up of numbers 
and dots, they're not easy to remember. 
Fortunately, most IP addresses have an associ- 
ated name that's much easier to remember, 
such as amazon.com, www.irs.gov, or 
mycompany .com. A name that is an address 
for a Web site is a domain name. A domain can 
be one computer or many connected comput- 
ers. When a domain refers to several comput- 
ers, each computer in the domain can have its 
own name. A name that includes an individual 
computer name, such as thor .mycompany . 
com, identifies a subdomain. 

Each domain name must be unique in order to 
serve as an address. Consequently, a system of 
registering domain names ensures that no two 
locations use the same domain name. Anyone 
can register any domain name as long as the 



name isn't already taken. You can register a 
domain name on the Web. First, you test your 
potential domain name to find out whether it's 
available. If it's available, you register it in your 
name or a company name and pay the fee. The 
name is then yours to use, and no one else can 
use it. The standard fee for domain name regis- 
tration is $35 per year. You should never pay 
more, but bargains are often available. 

Many Web sites provide the ability to register 
a domain name, including the Web sites of 
many Web hosting companies. A search at 
Google (www . googl e .com) for domain name 
register results in over 3 million hits. Shop 
around to be sure thatyou find the lowest price. 
Also, many Web sites allow you to enter a 
domain name and see whom it is registered to. 
These Web sites do a domain name database 
search using a tool called wiiois. A search at 
Google for domain name whois results in 
770,000 hits. A couple of places where you can 
do a whois search are Allwhois.com (www. 
al 1 whoi s . com) and BetterWhois.com (www . 
betterwhoi s . com). 
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One disadvantage of hosting your site with a commercial Web hosting com- 
pany is that you have no control over your development environment. The 
(ting company provides the environment that works best for it — 
setting up the environment for ease of maintenance, low cost, and 
minimal customer defections. Most of your environment is set by the com- 
pany, and you can't change it. You can only beg the company to change it. 
The company will be reluctant to change a working setup, fearing that a 
change could cause problems for the company's system or for other 
customers. 




Access to MySQL databases is controlled via a system of accounts and pass- 
words that must be maintained manually, thus causing extra work for the 
hosting company. For this reason, many hosting companies either don't offer 
MySQL or charge extra for it. Also, PHP has a myriad of options that can be 
set, unset, or given various values. The hosting company decides the option 
settings based on its needs, which might or might not be ideal for your 
purposes. 

It's pretty difficult to research Web hosting companies from a standing start — 
a search at Google.com for Web hosting results in almost 6 million hits. The 
best way to research Web hosting companies is to ask for recommendations 
from people who have experience with those companies. People who have 
used a hosting company can warn you if the service is slow or the computers 
are down often. After you gather a few names of Web hosting companies from 
satisfied customers, you can narrow the list to the one that is best suited to 
your purposes and is the most cost-effective. 



Setting up and mnnin^ i^our oWn Web site 

If you're starting a Web site from scratch, you need to understand the Web 
site software fairly well. You have to make several decisions regarding hard- 
ware and software. You have to install a Web server, PHP, and MySQL — as 
well as maintain, administer, and update the system yourself. Taking this 
route requires more work and more knowledge. The advantage is that you 
have total control over the Web development environment. 

Here are the general steps that lead to your dynamic Web site (1 explain these 
steps in more detail in the next few sections): 



1. Set up the computer. 

2. Install the Web server. 

3. Install MySQL. 

4. Install PHP. 
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If you're starting from scratch, witfi notfiing but an empty space wfiere tfie 
computer will go, start at Step 1. If you already have a running computer but 
oftware, start at Step 2. Or if you have an existing Web site that does 
PHP and MySQL installed, start with Step 3. 



Setting up the computer 

Your first decision is to choose which hardware platform and operating 
system to use. In most cases, you'll choose a PC with either Linux or 
Windows as the operating system. Here are some advantages and disadvan- 
tages of these two operating systems: 

Linux: Linux is open source, so it's free. It also has advantages for use as 
a Web server: It runs for long periods without needing to be rebooted; 
and Apache, the most popular Web server, runs better on Linux than 
Windows. Running Linux on a PC is the lowest cost option. The disad- 
vantage of running Linux is that many people find Linux more difficult to 
install, configure, administer, and install software on than Windows. 

V Windows: Unlike Linux, Windows is not free. However, the advantages 
are that most people feel that Windows is easier to use, and because it's 
widely used, many people can help you if you have problems. 

I assume that you're buying a computer with the operating system and soft- 
ware installed, ready to use. It's easier to find a computer that comes with 
Windows installed on it than with Linux, but Linux computers are available. 
For instance, at this time, Dell, IBM, and Hewlett-Packard offer computers 
with Linux installed. ^ 

If you're building your own hardware, you need more information than I have 
room to provide in this book. If you have the hardware and plan to install an 
operating system, Windows is easier to install, but Linux is getting easier all 
the time. You can install Linux from a CD, like Windows, but you often must 
provide information or make decisions that require more knowledge about 
your system. If you already know how to perform system administration 
tasks (such as installing software and making backups) in Windows or in 
Linux, the fastest solution is to use the operating system that you already 
know. 

For using PHP and MySQL, you should seriously consider Linux. PHP is a pro- 
ject of the Apache Software Foundation, so it runs best with the Apache 
server. And Apache runs better on Linux than on Windows. Therefore, if all 
other things are equal and the computer is mainly for running a Web site with 
a Web database application, Linux is well suited for your purposes. 



Other solutions besides a PC with Windows or Linux are available, but 
they're less popular: 
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1*^ Unix-based: Other free, Unix-based operating systems are available for 
PCs, such as FreeBSD (which some people prefer to Linux) or a version 



laris provided by Sun for free download. 



: Mac computers can be used as Web servers. Most newer Macs 
come with PHP installed. Installing PHP and MySQL on Mac OS X is fairly 
simple. There are fewer Mac users, however, so it can be difficult to find 
help when you need it. One good site is www . phpmac .com. 



InstaUin^ the Web serUer 

After you set up the computer, you need to decide which Web server to 
install. The answer is almost always Apache. Apache offers the following 
advantages: 

1^ It's free. What else do 1 need to say? 

It runs on a wide variety of operating systems. Apache runs on 
Windows, Linux, Mac OS, FreeBSD, and most varieties of Unix. 

1^ It's popular. Approximately 60 percent of Web sites on the Internet use 
Apache, according to surveys at www . netcraf t . com/survey and at 
www .security space . com/s_survey/data/. This wouldn't be true if it 
didn't work well. Also, this means that a large group of users can provide 
help. 

It's reliable. After Apache is up and running, it should run as long as 
your computer runs. Emergency problems with Apache are extremely 
rare. 

1^ It's customizable. The open source license allows programmers to 
modify the Apache software, adding or modifying modules as needed to 
fit their own specific environment. 

1^ It's secure. Free software is available that runs with Apache to make it 
into an SSL (Secure Sockets Layer) server Security is an essential issue if 
you're using the site for e-commerce. 

Apache is automatically installed when you install most Linux distributions. 
Most recent Macs come with Apache installed. For most other Unix flavors, 
you have to download the Apache source code and compile it yourself, 
although some binaries (programs that are already compiled for specific 
operating systems) are available. For Windows, you need to install a binary 
file — preferably on Windows NT/2000/XP, although Apache also runs on 
Windows 95/98/Me. As of this writing. Apache 1.3.28 and 2.0.47 are the cur- 
rent stable releases. (Information on Apache versions is available in 
Appendix C.) See the Apache Web site (httpd.apache.org) for information, 
software downloads, documentation, and installation instructions for various 
operating systems. The Web site provides extensive documentation that is 
improving all the time. 
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Other Web servers are available. Microsoft offers IIS (Internet Information 
Server), which is the second most-popular Web server on the Internet with 
ately 27 percent of Web sites. Sun offers iPlanet (formerly Netscape 
e Server), which serves less than 5 percent of the Internet. Other 
Web servers are available, but they have even smaller user bases. 



instatting Mi^SQL 

After setting up the computer and installing the Web server, you're ready to 
install MySQL. You need to install MySQL before installing PHP because you 
need to provide the path to the MySQL software when you install PHP. 

But before installing MySQL, be sure that you actually need to install it. It 
might already be running on your computer, or it might be installed but not 
running. For instance, many Linux distributions automatically install MySQL. 
Here's how to check whether MySQL is currently running: 




1^ Linux/Unix/Mac: At the command line, type the following: 

ps -ax 

The output should be a list of programs. Some operating systems (usu- 
ally flavors of Unix) have different options for the ps command. If the 
above comment does not produce a list of the programs that are run- 
ning, type man ps to see which options you need to use. 



In the list of programs that appears, look for one called mysql d. 

1^ Windows: If MySQL is running, you should see it in your system tray at 
the bottom of your screen, possibly as a traffic signal with a green light. 
If you cannot find an icon for it, it's probably not running. 



Even if MySQL isn't currently running, it might be installed, just not started. 
Here's how to check to see whether MySQL is installed on your computer: 



Linux/Unix/Mac: Type the following: 

find / -name "mysql*" 

If a directory named mysql is found, MySQL has been installed. 

1/^ Windows: Look for a program called Wi nMySQLadmi n, which starts and 
stops MySQL, among other functions. You might be able to find it on the 
Start menu (choose StartOPrograms). If not, look for it in a MySQL direc- 
tory, which is probably at c : \ mysql \bi n. 



If MySQL is installed but not started, here's how to start it: 
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I V Linux/Unix/Mac: 

I 1. Change to the directory mysql /bi n. 

J This is the directory that you should have found when you were 

checking whether MySQL was installed. 

2. Type safe_mysqld &. 

When this command finishes, the prompt is displayed. 

3. Check that the MySQL server started by typing ps -ax. 

In the list of programs that appears, look for one called mysql d. 
Windows: 

1. Start the Wi nMySQLadmi n program. 

If you can't find it on the menu, navigate to the program, which is 
probably at c : \niysql \bi n\wi nmysql admi n . exe, and then 
double-click it. 

2. Right-click in the WinMySQLadmin window. 

A submenu appears. 

3. Select the menu item for your operating system — Win 9x or Win 
NT (which includes Win 2000 and XP). 

4. Click Start the Server. 

If MySQL isn't installed on your computer, you need to download it and 
install it from www . mysql .com. The Web site provides all the information and 
software that you need. (You can find detailed installation instructions in 
Appendix A.) 

hstM'mq PHP 

After you install MySQL, you're ready to install PHP. As 1 mention earlier, you 
must install MySQL before you install PHP because you need to provide the 
path to the MySQL software when you install PHP. If PHP isn't compiled with 
MySQL support when it is installed, it won't communicate with MySQL. 

Before you install PHP, check whether it's already installed. For instance, 
some Linux and Mac distributions automatically install PHP. To see whether 
PHP is installed, search your disk for any PHP files: 

Iv^ Linux/Unix/Mac: Type the following: 
find / -name "php*" 
Windows: Use the Find feature (choose StartOFind) to search for php *. 
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If you find PHP files, PHP is already installed, and you might not need to rein- 
stall it. For instance, even if you installed MySQL yourself after the PHP was 
you might have installed it in the location where PHP is expecting 
safe than sorry, however: Perform the testing that 1 describe in the 
next section to see whether MySQL and PHP are working correctly together 



If you don't find any PHP files, PHP is not installed. In order to install PHP, 
you need access to the Web server for your site. For instance, when you 
install PHP with Apache, you need to edit the Apache configuration file. All 
the information and software that you need is provided on the PHP Web site 
(www . php . net). 1 provide detailed installation instructions in Appendix B. 



Testing, Testing, 2, 3 

Suppose you believe that PHP and MySQL are available for you to use, for 
one of the following reasons: 
I 

1^ The IT department at your company or your client company gave you all 
the information that you asked for and told you that you're good to go. 

1^ The Web hosting company gave you all the information that you need 
and told you that you're good to go. 

1^ You followed all the instructions and installed PHP and MySQL yourself. 
Now you need to test to make sure that PHP and MySQL are working correctly. 



Testing PHP 

To test whether PHP is installed and working, follow these steps: 

1. Find the directory in which your PHP programs need to be saved. 

This directory and the subdirectories under it are your Web space. 
Apache calls this directory the Document Root. The default Web space 
for Apache is htdocs in the directory where Apache is installed. For IIS, 
it's I netpub\wwwroot. In Linux, it might be /va r/www/html . The Web 
space can be set to a different directory by configuring the Web server 
(see Appendix C). If you're using a Web hosting company, the staff will 
supply the directory name. 
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2. Create the following file somewhere in your Web space with the name 

test. php. 

1> 

d> 

le>PHP Test</title> 
</head> 
<body> 

<p>This is an HTML line 

<P> 
<?php 

echo "This is a PHP line"; 
phpi nf 0 ( ) ; 

?> 

</body></html> 

The file must be saved in your Web space for the Web server to find it. 

3. Point your browser at the file test . php created in Step 1. That is, 
type the name of your Web server (www.myfinecompany.com) into the 
browser address window. 

If your Web server, PHP, and the test . php file are on the same com- 
puter that you're testing from, you can type localhost/test.php. 

In order for the file to be processed by PHP, you need to access the file 
through the Web server — not by choosing FileOOpen from your Web 
browser menu. 

You should see the following in the Web browser: 

This is an HTML line 
This is a PHP line 

Below these lines, you should see a large table, which shows all the 
information associated with PHP on your system. It shows PHP informa- 
tion, path and filenames, variable values, and the status of various 
options. The table is produced by the line p h p i n f o ( ) in the test script. 
Anytime that you have a question about the settings for PHP, you can 
use the statement p h p i n f o ( ) to display this table and check a setting. 

4. Check the PHP values for the values that you need. 

For instance, you need MySQL support enabled. Looking through the 
listing, find the section for MySQL and make sure that MySQL support 
is On. 

5. Change values if necessary. 

If you don't have administrative access to PHP, you have to ask the 
administrator to change any values that need changing. If you installed 
PHP yourself and/or have administrative access to PHP, you can change 
the values yourself. (Changing PHP settings is discussed in Appendix B.) 
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Testing Mi^SQL 



J know that PHP is running okay, you can test wtiether you can 
lySQL by using PHP. Just follow these steps: 




1. Create the following file somewhere in your Web space with the name 

mysql_up.php. 

You can download the file from my Web site atjanet.valade.com. 
<htnil> 

<head><title>Test MySQL</titl e></head> 
<body> 

< ! - - niysql_up . php - -> 
<?php 

%\\ost=" hostname" ; 
$user=" mysql account" ; 
$pdsswor6=" mysql password" ; 

mysql_connect($host,$user,$password); 

$sql="show status" ; 

$result = niysql_query ( $sql ) ; 

if ($result == 0) 

echo "<b>Error " . rnysql_errno( ) . ": " 
. niysql_error ( ) . "</b>"; 

el se 

{ 

?> 

<!-- Table that displays the results --> 
<table border="l"> 

<tr><td><b>Variable_nanie</b></td><td><b>Value</b> 
</td></tr> 

<?php 

for ($i = 0; $i < mysql_nurri_rows ( $resul t ) ; $i++) { 
echo "<TR>"; 

$row_array = rriysql_f etch_row( $resul t ) ; 

for ($j = 0; $j < rTiysql_nurTi_f i el ds ( $resul t ) ; $j++) 

{ 

echo "<TD>" . $row_array[$j ] . "</td>"; 

) 

echo "</tr>" ; 

1 

?> 

</table> 
<?php ) ?> 
</body></htrril> 
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2. Lines 6, 7, and 8 of the program need to be changed. These lines are 

$host="/70St" ; 

er=" mysql account" ; 
ssvord=" mysql password" ; 



Change host to the name of the computer where MySQL is installed — 
for example, databasehost .mycompany . com. If the MySQL database is 
on the same computer as your Web site, you can uselocalhostasthe 
hostname. 

Change mysql accountname and mysql password to the appropriate 
values. (1 discuss MySQL accounts and passwords in Chapter 5.) If your 
MySQL account doesn't require a password, type nothing between the 
quotes, as follows: 

$password=" " ; 

3. Point your browser atmysql up.php. 

You should see a table with a long list of variable names and values. You 
don't want to see an error message or a warning message. Don't worry 
about the contents of the table. It's only important that the table is dis- 
played so that you know your connection to MySQL is working correctly. 

If no error or warning messages are displayed, MySQL is working fine. If 
you see an error or a warning message, you need to fix the problem 
that's causing the message. 

Error and warning messages are usually fairly clear The following is a 
common error message. ^ 

MySQL Connection Failed: Access denied for user: 
' user73@l ocal host ' (Using password: YES) 

This message means that MySQL did not accept your MySQL account number 
or your MySQL password. Notice that the message reads YES for Using 
password but doesn't show the actual password that you tried for security 
reasons. If you tried with a blank password, the message would read NO. 

If you receive an error message, double-check your account number and 
password. Remember that this is your MySQL account number — not your 
account number to log on to the computer If you can't connect with the 
account number and password that you have, you might need to contact the 
IT department or the Web hosting company that gave you the account 
number (For a further discussion of MySQL accounts and passwords, see 
Chapter 5.) 
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Chapters 

iPeveloping a Web Database 
Application 



In This Chapter 

^ Planning your application 

^ Selecting and organizing your data 

^ Designing your database 

^ Overview of building your database 

^ Overview of writing your application programs 



m developing a Web database application involves more than just storing 
•«^data in MySQL databases and typing in PHP programs. Development 
has to start with planning. Building the application pieces comes after plan- 
ning. The development steps are 

1. Develop a plan, listing the tasks that your application will perform. 

2. Design the database needed to support your application tasks. 

3. Build the MySQL database, based on the database design. 

4. Write the PHP programs that perform the application tasks. 

I discuss these steps in detail in this chapter 

Ptamin^ \lour Web Database 
Application 

Before you ever put finger to keyboard to write a PHP program, you need to 
plan your Web database application. This is possibly the most important step 
in developing your application. It's painful to discover, especially just after 
you finish the last program for your application, that you left something out 
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and have to start over from the beginning. It's also hard on your computer 
(and your foot) when you take out your frustrations by drop-kicking it across 




Good planning prevents such painful backtracking. In addition, it keeps you 
focused on the functionality of your application, thus preventing you from 
writing pieces for the application that do really cool things but turn out to 
have no real purpose in the finished application. And if more than one person 
is working on your application, planning ensures that all the pieces will fit 
together in the end. 



from the application 

The first step in the planning phase is to identify exactly why you're develop- 
ing your application and what you want from it. For example, your main pur- 
pose might be to 

Collect names and addresses from users so that you can develop a 
customer list. 

Deliver information about your products to users, as in a customer 
catalog. 

*^ Sell products online. ' 

Provide technical support to people who already own your product. 

After you clearly identify the general purpose of your application, make a list 
of exactly what you want that application to do. For instance, if your goal is 
to develop a database of customer names and addresses for marketing pur- 
poses, the application's list of required tasks is fairly short: 

Iu^ Provide a form for customers to fill out. 
Store the customer information in a database. 

If your goal is to sell products online, the list is a little longer: 

Provide information about your products to the customer 

Motivate the customer to buy the product. 

V Provide a way for the customer to order the product online. 

Provide a method for the customer to pay for the product online. 

Validate the payment so you know that you'll actually get the money. 

Send the order to whomever is responsible for filling it and sending the 
product to the customer 
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At this point in the planning process, the tasks that you want your application 
to perform are still pretty general. You can accomplish each of these tasks in 
erent ways. So now you need to examine the tasks closely and detail 
iow the application will accomplish them. For instance, if your goal is 
to sell products online, you might expand the previous list like this: 



i/* Provide information about products to tiie customer. 

• Display a list of product categories. Each category is a link. 

• When the customer clicks a category link, the list of products in 
that category is displayed. Each product name is a link. 

• When a customer clicks a product link, the description of the prod- 
uct is displayed. 

W Motivate the customer to buy the product. 

• Provide well-written descriptions of the products that communi- 
cate their obviously superior qualities. 

• Use flattering pictures of the products. 

• Make color product brochures available online. 

• Offer quantity discounts. 

V Provide a way for customers to order the product online. 

• Provide a button that customers can click to indicate their inten- 
tion to buy the product. 

• Provide a form that collects necessary information about the prod- 
uct the customer is ordering, such as size, color, and so on. 

• Compute and display the total cost for all items in the order. 

• Compute and display the shipping costs. 

• Compute and display the sales tax. 

• Provide forms for customers to enter shipping and billing 
addresses. 

I/' Provide a method for customers to pay for the product online. 

• Provide a button that customers can click to pay with a credit 
card. 

• Display a form that collects customers' credit card information. 

Validate the payment so you know that you'll actually get the money. 

The usual method is to send the customer's credit card information to a 
credit card processing service. 

Send the order to whoever is responsible for filling it and sending the 
product to the customer. 

E-mailing order information to the shipping department should do it. 
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At this point, you should have a pretty clear idea of what you want from your 
Web database application. However, this doesn't mean that your goals can't 
(In fact, your goals are very likely to change as you develop your 
libase application and discover new possibilities.) At the onset of the 
project, start with as comprehensive of a plan as possible to keep you 
focused so that you avoid running into a dead end or getting sidetracked. 



Taking the user into consideration 

Identifying what you want your Web database application to do is only one 
aspect of planning. You must also consider what your users will want from 
it. For example, say your goal is to gather a list of customer names and 
addresses for marketing purposes. Will customers be willing to give up that 
information? 

Your application needs to fulfill a purpose for the users as well as for your- 
self. Otherwise, they'll just ignore it. Before users will be willing to give you 
their names and addresses, for example, they need to perceive that they will 
benefit in some way from giving you this information. Here are a few exam- 
ples of why users might be willing to register their names and addresses at 
your site: 

I/* To receive a newsletter: To be perceived as valuable, the newsletter 
should cover an industry related to your products. It should offer news 
and spot trends — and not just serve as marketing material about your 
products. 

To enter a sweepstakes for a nice prize: Who can turn down a chance 
to win an all-expense-paid vacation to Hawaii or a brand-new SUV? 

1^ To receive special discounts: For example, you can periodically e-mail 
special discount opportunities to customers. 

To be notified about new products or product upgrades when they 
become available: For example, customers might be interested in being 
notified when a software update is available for downloading. 

To get access to valuable information: For instance, you must register 
at 7776 New York Times Web site in order to gain access to its articles 
online. 

Now add the customer tasks to your list of tasks that you want the applica- 
tion to perform. For example, consider this list of tasks that you identified for 
setting up an online retailer: 

Iu^ Provide a form for customers to fill out. 
Store the customer information in a database. 
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If you take the customer's viewpoint into account, the list expands a bit: 



ent a description of the advantages customers receive by registering 



Provide a form for customers to fill out. 
I Add customers' e-mail addresses to the newsletter distribution list. 
I y Store the customer information in a database. 

After you have a list of tasks that you want and tasks that your users want, 
you have a plan for a Web application that is worth your time to develop and 
worth your users' time to use. 



In addition to planning what your Web application is going to do, you need to 
consider how it is going to do it. Making your application easy to use is 
important: If customers can't find your products, they aren't going to buy 
them. And if customers can't find the information that they need in a pretty 
short time, they will go look elsewhere. On the Web, customers can always 
easily go elsewhere. 

Making your application easy to use is usability engineering. Web usability 
includes such issues as 

V Navigation: What is on your site and where it is located should be imme- 
diately obvious to a user. 

Graphics: Graphics make your site attractive, but graphic files can be 
slow to display. 

Access: Some design decisions can make your application accessible or 
not accessible to users who have disabilities such as impaired vision. 

Browsers: Different browsers (even different versions of the same 
browser) can display the same HTML (HyperText Markup Language) file 
differently. 

Web usability is a large and important subject, and delving into the topic 
more deeply is beyond the scope of this book. But fear not, you can find lots 
of helpful information on Web usability on — you guessed it — the Web. Be 
sure to check out the Web sites of usability experts Jakob Nielsen (www . usei t . 
com) and Jarod Spool (http : //worl d . std . corri/~ui eweb/). Vincent 
Flanders also has a fun site full of helpful information about Web design at 
WebPagesThatSuck . com. And books on the subject can be very helpful, such 
as Web Design For Dummies by Lisa Lopuck (Wiley). 




Making the site east^ to use 



Part I: Developing a Web Database Application Using PHP and MySQL 



Leaving room for expansion 

pBoQte 



0^ 



inty about your Web application is that it will change over time, 
line, you might think of new functions for it or just simply want to 
change something about it. Or maybe Web site software improves so that 
your Web application can do things that it couldn't do when you first put it 
up. Whatever the reason, your Web site will change. When you plan your 
application, you need to keep future changes in mind. 

You can design your application in steps, taking planned change into 
account. You can develop a plan in which you build an application today that 
meets your most immediate needs and make it available as soon as it's ready. 
Your plan can include adding functions to the application as quickly as you 
can develop them. For example, you can build a product catalog and publish 
it on your Web site as soon as it's ready. You can then begin work on an 
online ordering function for the Web site, which you will add when it's ready. 

You can't necessarily foresee all the functions that you might want in your 
application in the future. For instance, you might design your travel Web site 
with sections for all possible destinations today, but the future could surprise 
you. Trips to Mars? Alpha Centauri? An alternate universe? Plan your applica- 
tion with the flexibility needed to add functionality in the future. 



Writing^ it doWn ■ 

Write your plan down. You will hear this often from me. 1 speak from the 
painful experience of not writing it down. When you develop your plan, it's 
foremost in your mind and perfectly clear But in a few short weeks, you will 
be astonished to discover that it has gone absolutely hazy while your atten- 
tion was on other pressing issues. Or you want to make some changes in the 
application a year from now and won't remember exactly how the application 
was designed. Or you're working with a partner to develop an application 
and you discover that your partner misunderstood your verbal explanation 
and developed functions for the application that don't fit in your plan. You 
can avoid these types of problems by writing everything down. 



Presenting the Tu/a Running 
Emmptes in This Book 

In the next two sections, 1 introduce the two example Web database applica- 
tions that 1 created for this book. I refer to these examples throughout the 
book to demonstrate aspects of application design and development. 
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lexample is an online product catalog. You're the owner of a pet 
id you want your catalog to provide customers with information 
about the pets that are for sale. Selling the pets online is not feasible 
although you're toying with the idea of allowing customers to "reserve" pets 
online — that is, before they come into the store to purchase them. Currently, 
the application is simply an online catalog. Customers can look through the 
catalog online and then come into the store to buy the pet. The information 
about all the pets is stored in a database, and customers can search the data- 
base for information on specific pets or types of pets. 

Here is your plan for this application: 

1/^ Allow customers to select which pet they want to see information 
about. 

Offer two selection methods: 

• Selecting from a list of links: Display a list of links that are pet cat- 
egories (for example, dog, cat, dinosaur, and so on). When the cus- 
tomer clicks a category link, a list of pets is displayed. Each pet in 
the list is a link to a description of the pet. 

• Typing in search terms: Display a search form in which customers 
can type words that describe the type of pet they're looking for. 
The application searches the database for matching words and 
displays the pet information for any pets that match the search 
words. For example, a customer can type cat to see a list of all avail- 
able cats. Each cat in the list is a link to a description of that cat. 

V Display a description of the pet when the customer clicks the link. 

The description is stored in a database. 



Members Onti^ 

The second example Web database application is related to the preceding pet 
store example. In addition to the online catalog, you also want to put up a 
section on your pet store Web site for members only. In order to access this 
area of the site, customers have to register — providing their names and 
addresses. In this Members Only section, customers can order pet food at a 
discount, find out about pets that are on order but haven't arrived yet, and 
also gain access to articles with news and information about pets and pet 
care. 
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This is your plan for this application: 
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lay a description of what special features and information are 
liable in the Members Only section. 



Provide an area where customers can register for the Members Only 
section. 

• Provide a link to the registration area. 

• Display a form in the registration area where customers can type 
their registration information. 

The form should include space for a user login name and password 
as well as the information that you want to collect. 

• Validate the information that the user entered. 

For example, verify that the ZIP code is the correct length, the 
e-mail address is in the correct format, and so on. 

• Store the information in the database. 

Provide a login section for customers who are already registered for 
the Members Only section. 

• Display a login form that asks for the customer's user name and 
password. 

• Compare the user name and password that are entered with the 
user names and passwords in the database. 

If no match is found, display an error message. 

Display the Members Only Web page after the customer has success- 
fully logged in. 



besiqninq the Database 

After you determine exactly what the Web database application is going to do 
(see the beginning part of this chapter if you haven't done this yet), you're 
ready to design the database that holds the information needed by the appli- 
cation. Designing the database includes identifying the data that you need 
and organizing the data in the way required by the database software. 



Choosing the data 

First, you must identify what information belongs in your database. Look at 
the list of tasks that you want the application to perform and determine what 
information you need to complete each of those tasks. 
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Here are a few examples: 

J^^W^nline catalog needs a database containing product information. 

^'VSwnline order application needs a database that can hold customer 
information and order information. 

]/^ A travel Web site needs a database with information on destinations, 
reservations, fares, schedules, and so on. 

In many cases, your application might include a task that collects information 
from the user You'll have to balance your urge to collect all the potentially 
useful information that you can think of against your users' reluctance to give 
out personal information — as well as their avoidance of forms that look too 
time-consuming. One compromise is to ask for some optional information. 
The users who don't mind can enter it, but users who object can leave it 
blank. Another possibility is to offer an incentive: The longer the form is, the 
stronger the incentive that you'll need to motivate the user to fill out the 
form. A user might be willing to fill out a very short form to enter a sweep- 
stakes that offers two sneak-preview movie tickets for a prize. But if the form 
is long and complicated, the prize needs to be more valuable, such as a free 
trip to California and a tour of a Hollywood movie studio. 

In the first example application, your customers search the online catalog for 
information on pets that they might want to buy. You want customers to see 
information that will motivate them to buy a pet. The information that you 
want to have available in the database for the customer to see is 

1^ The name of the pet ' 

For example, poodle, unicorn, and so on 

A description of the pet 
1^ A picture of the pet 
1^ The cost of the pet 

In the second example application, the Members Only section, you want to 
store information about registered members. The information that you want 
to store in the database is 

Member name 

Member address 
1/^ Member phone number 
1^ Member fax number 
1^ Member e-mail address 
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Take the time to develop a comprehensive list of the information that you 
need to store in your database. Although you can change and add informa- 
)ur database after it's developed, including the information from the 
; is easier. Also, if you add information to the database later — after 
it's in use — the first users in the database will have incomplete information. 
For example, if you change your form so that it now asks for the user's age, 
you won't have the age for the people who have already filled out the form 
and are already in the database. 



neea lo sic 



Or^anizin^ the data 



MySQL is a RDBMS (Relational Database Management System), which means 
that the data is organized into tables. (See Chapter 1 for more on MySQL.) 
You can establish relationships between the tables in the database. 

Or^anizin^ data in tables 

RDBMS tables are organized like other tables that you're used to — in rows 
and columns, as shown in Figure 3-1. The place where a particular row and 
column intersect, the individual cell, is a field. 



Figure 3-1: 

MySQL data 
is organized 
into tables. 




The focus of each table is an object (a thing) that you want to store informa- 
tion about. Here are some examples of objects: 



Customers 
Products 
1^ Companies 
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I Animals 
Cities 
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i/" Computers 
Shapes 

Documents ■ — 

i/* Projects 
Weeks 

You create a table for each object. The table name should clearly identify the 
objects that it contains with a descriptive word or term. The name must be a 
character string with no spaces in it. The table name can contain letters, 
numbers, underscores (_), or dollar signs (S). It's customary to name the 
table in the singular. Thus, a name for a table of customers might be 
Customer, and a table containing customer orders might be named 
CustomerOrder. Upper- and lowercase is significant on Linux/Unix but not 
on Windows: CustomerOrder and Customerorder are the same to Windows — 
but not to Linux or Unix. 



In database talk, an object is an entity, and an entity has attributes. In the 
table, each row represents an entity, and the columns contain the attributes 
of each entity. For example, in a table of customers, each row contains infor- 
mation for a single customer. Some of the attributes contained in the columns 
might be first name, last name, phone number, age, and so on. 



Here are the steps for organizing your data into tables: 



1. Name your database. 

Assign a name to the database for your application. For instance, a data- 
base containing information about households in a neighborhood might 
be named Househol dDi rectory. 

2. Identify the objects. 

Look at the list of information that you want to store in the database. 
(If you haven't done this yet, check out the section, "Choosing the data," 
earlier in this chapter.) Analyze your list and identify the objects. For 
instance, the Househol dDi rectory database might need to store the 
following: 

• Name of each family member 

• Address of the house 

• Phone number 
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• Age of each household member 
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• Favorite breakfast cereal of each household member 



n you analyze this list carefully, you realize that you're storing infor- 
mation about two objects: the household and the household members. 
That is, the address and phone number are for the household in general, 
but the name, age, and favorite cereal are for a particular household 
member. 

3. Define and name a table for each object. 

For instance, the HouseholdDi rectory database needs a table called 
Household and a table called Househol dMember. 

4. Identify the attributes for each object. 

Analyze your information list and identify the attributes that you need to 
store for each object. Break the information to be stored into its smallest 
reasonable pieces. For example, when storing the name of a person in a 
table, you can break down the name into first name and last name. Doing 
this enables you to sort by the last name, which would be more difficult 
if the first and last name were stored together In fact, you can even 
break down the name into first name, middle name, and last name, 
although not many applications need to use the middle name separately. 

5. Define and name columns for each separate attribute that you identi- 
fied in Step 4. 

Give each column a name that clearly identifies the information in that 
column. The column names should be one word, with no spaces. For 
example, you might have columns named f i rstName and 1 astName or 
f i rst_narrie and 1 ast_name. 

Some words are reserved by MySQL or SQL for its own use and can't be 
used as column names. The words are currently used in SQL statements 
or are reserved for future use. For example, ADD, ALL, AND, CREATE, DROP, 
GROUP, ORDER, RETURN, SELECT, SET, TABLE, USE, WHERE, and many, many 
more can't be used as column names. For a complete list of reserved 
words, see the online MySQL manual at www .mysql .com /doc/en/ 
Reserved_words . html . 

6. Identify the primary key. 

Each row in a table needs a unique identifier No two rows in a table 
should be exactly the same. When you design your table, you decide 
which column holds the unique identifier, called the primary key. The 
primary key can be more than one column combined. In many cases, 
your object attributes will not have a unique identifier For example, a 
customer table might not have a unique identifier because two cus- 
tomers can have the same name. When there is no unique identifier 
column, you need to add a column specifically to be the primary key. 
Frequently, a column with a sequence number is used for this purpose. 
For example, in Figure 3-2, the primary key is the cust_i d field because 
each customer has a unique ID number 
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Figure 3-2: 

A sample 
from the 
Customer 
table. 



custjd 


first_name 


last_name 


phone 


\<395 


John 


Smith 


555-5555 


44555 


Joe 


Lopez 


555-5553 


23695 


Judy 


Chang 


555-5552 










27822 


Jubal 


Tudor 


555-5556 


29844 


Joan 


Smyths 


555-5559 



7. Define the defaults. 

You can define a default that MySQL will assign to a field when no data is 
entered into the field. A default is not required but is often useful. For 
example, if your application stores an address that includes a country, 
you can specify US as the default. If the user does not type a country, US 
will be entered. 

8. Identify columns with required data. 

You can specify that certain columns are not allowed to be empty (also 
called NULL). For instance, the column containing your primary key can't 
be empty. That means that MySQL will not create the row if no value is 
stored in the column. The value can be a blank space or an empty string 
(for example, " "), but some value must be stored in the column. You can 
set other columns, as well as the primary key, to be in error if they are 
empty. 

Well-designed databases store each piece of information in only one place. 
Storing it in more than one place is inefficient and creates problems if infor- 
mation needs to be changed. If you change information in one place but 
forget to change it in another place, your database can have serious problems. 

If you find that you're storing the same data in several rows, you probably 
need to reorganize your tables. For example, suppose you're storing data 
about books, including the publisher's address. When you enter the data, 
you realize that you're entering the same publisher's address in many rows. 
A more efficient way to store this data would be to store the book informa- 
tion in one table and the book publisher information in a separate table. 
You can define two tables: Book and BookPubl i sher. In the Book table, 
you would have the columns ti tl e, author, pub_date, and pri ce. 
In the BookPubl i sher table, you would have columns such as name, 
streetAddress, ci ty, and so on. 
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Creating relationships beMeen tables 

Sopie tables in a database are related to one another. Most often, a row in one 
l^iQelated to several rows in another table. A column is needed to con- 
^ft^elated rows in different tables. In many cases, you include a column 
in one table to hold data that matches data in the primary key column of 
another table. 



A common application that needs a database with two related tables is a cus- 
tomer order application. For example, one table contains the customer infor- 
mation, such as name, address, phone, and so on. Each customer can have 
from zero to many orders. You could store the order information in the table 
with the customer information, but a completely new row would be created 
each time that the customer placed an order, and each new row would con- 
tain all the customer's information. It would be much more efficient to store 
the orders in a separate table. The Order table would have a column that 
contains the primary key from a row in the Custome r table so that the order 
is related to the correct row of the Customer table. The relationship is shown 
in the tables in Figures 3-2 and 3-3. 

The Customer table in this example looks like Figure 3-2 (see the preceding 
section). Notice the unique cust_i d for each customer 

The related Order table is shown in Figure 3-3. Notice that it has the same 
cust_i d column that appears in the Customer table. In this way, the order 
information in the Order table is connected to the related customer's name 
and phone number in the Customer table. 



Figure 3-3: 

A sample 
from the 
Order 
table. 



Order_no 


custjd 


item_num 


cost 


87-222 


27895 


cat-3 


200.00 










87-223 


27895 


cat-4 


225.00 


87-224 


44555 


horse-1 


550.00 


87-225 


44555 


dog-27 


210.00 


87-226 


27895 


bird-1 


50.00 
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In this example, the columns that relate the Customer table and the Order 
table have the same name. They could have different names as long as the 
e columns is the same. 
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Oesignin^ the Sample Databases 



In the following two sections, 1 design the two databases for the two example 
applications used in this book. 



Pet Catalog design process 

You want to display the following list of information when customers search 
your pet catalog: 

J The name of the pet 

For example, poodle, unicorn, and so on 

A description of the pet 
1^ A picture of the pet 
1^ The cost of the pet 

In the Pet Catalog plan, a list of pet categories is displayed. This requires that 
each pet be classified into a pet category and that the pet category be stored 
in the database. 



You design the PetCatalog database by following the steps presented in the 
"Organizing data in tables" section, earlier in this chapter: 

1. Name your database. 

The database for the Pet Catalog is named PetCatalog. 

2. Identify the objects. 
The information list is 

• The name of the pet (for example, poodle, unicorn, and so on) 

• A description of the pet 

• A picture of the pet 

• The cost of the pet 

• The category for the pet 

All this information is about pets, so the only object for this list is Pet. 
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3. Define and name a table for each object. 

The Pet Catalog application needs a table called Pet. 
tify the attributes for each object. 

Now you look at the information in detail: 

• Name of the pet: A single attribute — for example, poodle, uni- 
corn, and so on. However, it seems likely that your pet shop might 
have more than one poodle for sale at a time. Therefore, your table 
needs a unique identifier to serve as the primary key. 

• Pet identification number: A sequence number assigned to each 
pet when it's added to the table. This number is the primary key. 

• Description of the pet: Two attributes: the written description of 
the pet as it would appear in a printed catalog and the color of 
the pet. 

• Picture of the pet: A path name to a graphic file containing a beau- 
tiful picture of the pet. 

• Cost of the pet: The dollar amount that the store is asking for 
the pet. 

• Category for the pet: Two attributes: a category name that 
includes the pet — for example, dog, horse, dragon — and a 
description of the category. 

It would be inefficient to include two types of information in the Pet 
table: 

• The category information includes a description of the category. 
Because each category can include several pets, including the 
category description in the Pet table would result in the same 
description appearing in several rows. It is more efficient to define 
Pet Category as an object with its own table. 

• If the pet comes in several colors, all the pet information will be 
repeated in a separate row for each color. It is more efficient to 
define Pet Color as an object with its own table. 

The added tables are named Pet Type and PetCol or. 

5. Define and name columns. 

The Pet table has one row for each pet. The columns for the Pet 
table are 

• pet I D: Unique sequence number assigned to each pet. 

• petName: Name of the pet. 

• petTy pe: The category name. This is the column that connects the 
pet to the correct row in the PetType table. 

• petDescri pti on: The description of the pet. 
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pri ce: The price of the pet. 

pi x: The filename of a graphics file that contains a picture of 
the pet. 



The PetType table has one row for each pet category. It has the follow- 
ing columns: 

• petTy pe: The category name of a type of pet. This is the primary 
key for this table. Notice that the Pet table has a column with the 
same name. These columns link this table with the Pet table. 

• typeDescri pti on: The description of the pet type. 

The Pet Col or table has one row for each pet color. It has the following 
columns: 

• petName: The name of the pet. This is the column that connects 
the color row to the correct row in the Pet table. 

• petCol or: The color of the pet. 

6. Identify the primary key. 

• The primary key of the Pet table is pet I D. 

• The primary key of the PetType table is petType. 

• The primary key of the PetCol or table is petName and petCol or 
together. 

7. Define the defaults. ■ 

No defaults are defined for either table. 

8. Identify columns with required data. 

The following columns should never be allowed to be empty: 

• petID 

• petName 

• petCol or 

• petType 

These columns are the primary key columns. A row without these values 
should never be allowed in the tables. 



Members Ontt^ design process 

You create the following list of information that you want to store when cus- 
tomers register for the Members Only section of your Web site: 

Ij^* Member name 
I/' Member address 
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Member phone number 
Member fax number 
ber e-mail address 



In addition, you also would like to collect the date when the member regis- 
tered and track how often the member actually goes into the Members Only 
section. 



You design the Members Only database by following the steps presented in 
the "Organizing data in tables" section, earlier in this chapter: 

1. Name your database. 

The database for the Members Only section is named 

MemberDi rectory. 

2. Identify the objects. 

The information list is 

• Member name 

• Member address 

• Member phone number 

• Member fax number 

• Member e-mail address 

• Member registration date 

• Member logins 

All this information pertains to members, so the only object for this list 

is member. 

3. Define and name a table for each object. 

The MemberDi rectory database needs a table called Member. 

4. Identify the attributes for each object. 
Look at the information list in detail: 

• Member name: Two attributes: first name and last name. 

• Member address: Four attributes: street address, city, state, and 
ZIP code. Currently, you only have pet stores in the United States, 
so you can assume the member address is an address in the U.S. 
mailing address format. 

• Member phone number: One attribute. 

• Member fax number: One attribute. 

• Member e-mail address: One attribute. 

• Member registration date: One attribute. 
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Several pieces of information are related to member logins: 
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• Logging into the Members Only section requires a login name and 
a password. These two items need to be stored in the database. 

The easiest way to keep track of member logins is to store the 
date/time when the user logged into the Members Only section. 

Because each member can have many logins, many date/times for logins 
need to be stored. Therefore, rather than defining the login time as an 
attribute of the member, define login as an object, related to the 
member, but requiring its own table. 

The added table is named Logi n. The attribute of a login object is its 
login time (time includes date). 

5. Define and name columns. 

The Member table has one row for each member The columns for the 
Member table are 

• 1 ogi nName 

Each login name must be unique. The programs in the application make 
sure that no two members ever have the same login name. 

• password 

• createDate 

• f i rstName 

• 1 astName 

• street 

• city 

• state 
•zip 

• emai 1 

• phone 

• fax 

The Logi n table has one row for each login: that is, each time a member 
logs into the Members Only section. It has the following columns: 

• logi nName: The login name of the member who logged in. This is 
the column that links this table to the Membe r table. This is a 
unique value in the Member table but not a unique value in this 
table. 



I 



• 1 ogi nTi me: The date and time of login. 
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6. Identify the primary key. 

• The primary key for the Member table is 1 ogi nName. 



The primary key for the Logi n table is 1 ogi nName and 1 ogi nTi me 
together. 



7. Define tiie defaults. 

No defaults are defined for either table. 

8. Identify columns with required data. 

The following columns should never be allowed to be empty: 

• 1 ogi nName 

• password 

• logi nTi me 

These columns are the primary key columns. A row without these values 
should never be allowed in the tables. 



Ti^pes of Data 

MySQL stores information in different formats based on the type of informa- 
tion that you tell MySQL to expect. MySQL allows different types of data to be 
used in different ways. The main types of data are character, numerical, and 
date/time data. ■ 



Character data 

The most common type of data is character data — data that is stored as 
strings of characters and can only be manipulated in strings. Most of the 
information that you store will be character data, such as customer name, 
address, phone number, pet description, and so on. Character data can be 
moved and printed. Two character strings can be put together (concate- 
nated), a substring can be selected from a longer string, and one string can 
be substituted for another 

Character data can be stored in a fixed-length format or a variable-length 
format. 

1^ Fixed-length format: In this format, MySQL reserves a fixed space for 
the data. If the data is longer than the fixed length, only the characters 
that fit are stored — the remaining characters on the end are not stored. 
If the string is shorter than the fixed length, the extra spaces are left 
empty and wasted. 
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Variable-length format: In this format, MySQL stores the string in a field 
that is the same length as the string. You still specify a length for the 
g, but if the string is shorter than the specified length, MySQL only 
the space required rather than leaving the extra space empty. If the 
string is longer than the space specified, the extra characters are not 
I stored. 

If a character string length varies only a little, use the fixed-length format. For 
example, a length of 10 works for all ZIP codes, including those with the ZIP+4 
number If the ZIP code does not include the ZIP+4 number, only five spaces 
are left empty. However, if your character string can vary more than a few 
characters, use a variable-length format to save space. For example, your pet 
description might be Small bat or it might run to several lines of description. 
So it would be better to store this description in a variable-length format. 



Numericat data 

Another common type of data is numerical data — data that is stored as a 
number Decimal numbers (for example, 10.5, 2.34567, 23456.7) can be stored 
as well as integers (for example, 1, 2, 248). When data is stored as a number, 
it can be used in numerical operations, such as adding, subtracting, squaring, 
and so on. If data isn't used for numerical operations, however, storing it as a 
character string is better because the programmer will be using it as a char- 
acter string. No conversion is required. For example, you probably won't 
want to add the digits in the users' phone numbers, so phone numbers 
should be stored as character strings. 

MySQL stores positive and negative numbers, but you can tell MySQL to 
store only positive numbers. If your data will not be negative, store the data 
as unsigned (without using a + or - sign before the number). For example, a 
city population or the number of pages in a document can never be negative. 



bate and time data 

A third common type of data is date and time data. Data stored as a date can 
be displayed in a variety of date formats. It can also be used to determine the 
length of time between two dates or two times — or between a specific date 
or time and some arbitrary date or time. 



Enumeration data 

Sometimes data can have only a limited number of values. For example, the 
only possible values for a column might be yes or no. MySQL provides a data 
type called enumeration for use with this type of data. You tell MySQL what 
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values can be stored in the column (for example, yes, no), and MySQL will 
not store any other values in the column. 



pBooks 

Mi^SQL data ti^pe names 



When you create a database, you tell MySQL what kind of data to expect in a 
particular column by using the MySQL names for data types. Table 3-1 shows 
the MySQL data types used most often in Web database applications. 



Table 3-1 


MySQL Data Types 




MySQL Data Type 


Description 




ZWKUlength) 


Fixed-length character string. 




VARCHAR( length) 


Variable-length character string. The longest 
string that can be stored is /engt/?, which 
must be between 1 and 255. 


TEXT 


Variable-length character string with 
mum length of 64KB of text. 


a maxi- 






INK / engzn ) 


miegerwiin a range irom-^it/tojotoio 
+2147483647. The number that can be displayed 
is limited by / ength. For example, if / ength is 
4, only numbers from -999 to 9999 can be dis- 
played, even though higher numbers are stored. 


IHJilength) UNSIGNED 


Integer with a range from 0 to 4294967295. 
length is the size of the numberthat can be 
displayed. For example, if / ength is 4, only 
numbers up to 9999 can be displayed, even 
though higher numbers are stored. 


DEClMMil ength , dec) 


Decimal numberwhere 1 ength is the number 
of characters that can be used to display the 
number, including decimal points, signs, and 
exponents, and dec'is the maximum number of 
decimal places allowed. For example, 12.34 has 
/ ength of 5 and dec of 2. 


DATE 


Date value with year, month, and date. Displays 
the value as YYYY-MM-DD (for example, 
2001-04-03). 


TIME 


Time value with hour, minute, and second. 
Displays as HH:MM:SS. 
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MySQL Data Type 


Description 




Date and time are stored together. Displays as 




YYYY-MM-DD HH:MM:SS. 


ENUM i"vdU" , "Vdl2" . . 


, . ) Only the values listed can be stored. A maximum 




of 65535 values can be listed. 



MySQL allows many other data types, but they're less frequently needed. For 
a description of all the available data types, see the documentation on the 
MySQL documentation at www . mysql . com/doc/C/o/Col umnjypes . html . 



lVritin0 it doWn 

Here's my usual nagging: Write it down. You probably spent considerable time 
making the design decisions for your database. At this point, the decisions 
are firmly fixed in your mind. You don't believe that you can forget them. 
However, suppose that a crisis intervenes, and you don't get back to this pro- 
ject for two months. You will have to analyze your data and make all the 
design decisions again. You can avoid this by writing down the decisions now. 

Document the organization of the tables, the column names, and all other 
design decisions. A good format is a document that describes each table in 
table format, with a row for each column and a column for each design deci- 
sion. For example, your columns would be column name, data type, and 
description. 



Taking a Look at the Sample 
database Designs 

This section contains the database designs for the two example Web data- 
base applications. 



Stuff far Sate database tables 

The database design for the Pet Catalog application includes three tables: 
Pet, PetType, and PetCol or. Tables 3-2 through 3-4 show the organization of 
these tables. The table definition is not set in concrete; MySQL allows you to 
change tables pretty easily. For example, if you set the data type for a vari- 
able to CHAR ( 20 ) and find that isn't long enough, you can easily change the 
data type. 
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The database design is as follows: 
name: PetCatalog 



Table 3-2 


Database Table 1: Pet 




Variable Name 


Type 


Description 




petID 


INT(5) 


Sequence number for pet (primary key) 


petName 


CHAR(25) 


Name of pet 




petType 


CHAR(15) 


Category of pet 




petDescri pti on 


VARCHAR(255) 


Description of pet 




pri ce 


DECIMAL(9,2) 


Price of pet 




pix 


CHAR(15) 


Path name to graphic file thi 


at contains 



picture of pet 



Table 3-3 Database Table 2: PetType 



Variable Name 


Type 


Description 




petType 


CHAR(15) 


Name of pet category (primary l<ey) 



typeDescri pti on VARCHAR(255) Description of category 



Table 3-4 Database Table 3: PetColor 



Variable Name 


Type 


Description 


petName 


CHAR(25) 


Name of pet (primary l<ey 1) 


petCol or 


CHAR(15) 


Color name (primary key 2) 



Members Ontt^ database tables 

The database design for the Members Only application includes two tables 
named Member and Logi n. Tables 3-5 and 3-6 document the organization of 
these tables. The table definition is not set in concrete; MySQL allows you to 
change tables pretty easily If you set the data type for a variable to CHAR ( 25 ) 
and find that it isn't long enough, it's easy to change the data type. 
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The database design is as follows: 
name: MemberDirectory 



Table 3-5 



Database Table 1: Member 



Variable Name 


Type 




Description 


1 ogi nName 


VARCHAR(20) 


User-specified login name (primary key) 


password 


CHAR(255) 




User-specified password 


createDate 


DATE 




Date member registered and created login 
account 


1 astName 


VARCHAR(50) 


Member's last name 


f i rstName 


VARCHAR(40) 


Member's first name 


street 


VARCHAR(50) 


Member's street address 


city 


VARCHAR(50) 


Member's city 


state 


CHAR(2) 




Member's state 


zip C 


;HAR(10) 




Member's ZIP code 


email V 


'ARCHAR(50 


) Member's e-mail address 


phone C 


;HAR(15) 


Member's phone number 


fax 


CHAR(15) 


Member's fax number 



Table 3-6 Database Table 2: Login 



Variable Name 


Type 


Description 




1 ogi nName 


CHAR(20) 


Login name specified by user (primary key 1 ) 


1 ogi nTime 


DATETIME 


Date and time of login (primary key 2) 



Oe(/etopm0 the Application 



After you develop a plan listing the tasks that your application is going to 
perform and you develop a database design, you're ready to create your 
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application. First, you build the database; then, you write your PHP pro- 
grams. You are moments away from a working Web database application, 
aps that's an exaggeration. But you are making progress. 



Buitdinq the database 



Building the database means turning the paper database design into a work- 
ing database. Building the database is independent of the PHP programs that 
your application uses to interact with the database. The database can be 
accessed using programming languages other than PHP, such as Perl, C, or 
Java. The database stands on its own to hold the data. 

You should build the database before writing the PHP programs. The PHP 
programs are written to move data in and out of the database, so you can't 
develop and test them until the database is available. 

The database design names the database and defines the tables that make 
up the database. To build the database, you communicate with MySQL by 
using the SQL language. You tell MySQL to create the database and to add 
tables to the database. You tell MySQL how to organize the data tables 
and what format to use to store the data. Detailed instructions for building 
the database are provided in Chapter 4. 



■ 

Writ 'mq the programs 

Your programs perform the tasks for your Web database application. They 
create the display that the user sees in the browser window. They make your 
application interactive by accepting and processing information typed in the 
browser window by the user They store information in the database and get 
information out of the database. The database is useless unless you can 
move data in and out of it. 



The plan that you develop (as 1 discuss in the earlier sections in this chapter) 
outlines the programs that you need to write. In general, each task in your 
plan calls for a program. If your plan says that your application will display a 
form, you need a program that displays a form. If your plan says that your 
application will store the data from a form, you need a program that gets the 
data from the form and puts it in the database. 

The PHP language was developed specifically to write interactive Web appli- 
cations. It has the built-in functionality needed to make writing application 
programs as painless as possible. It has methods that were included in the 
language specifically to access data from forms. It has methods to put data 
into a MySQL database, and it has methods to get data from a MySQL data- 
base. Detailed instructions for writing PHP programs are provided in Part 111 
of this book. 
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In this part . . . 

m his part provides the details of working with a MySQL 
w database. You find out how to use SQL to communi- 
cate with MySQL. In addition, you discover how to create 
a database, change a database, and move data in and out 
of a database. 
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In This Chapter 

^ Using SQL to make requests to MySQL 

^ Creating a new database 

^ Adding information to an existing database 

^ Looking at information in an existing database 

^ Removing information from an existing database 



fter completing your database design (see Chapter 3 if you haven't done 
r • this yet), you're ready to turn it into a working database. In this chapter, 
you find out how to build a database based on your design — and how to 
move data in and out of it. 

The database design names the database and defines the tables that make up 
the database. In order to build the database, you must communicate with 
MySQL, providing the database name and the table structure. Later on, you 
must communicate with MySQL to add data to (or request information from) 
the database. The language that you use to communicate with MySQL is SQL. 
In this chapter, 1 explain how to create SQL queries and use them to build 
new databases and interact with existing databases. 



Commumcatirt^ u/ith MifSQL 

The MySQL server is the manager of your database: 

It creates new databases. 

It knows where the databases are stored. 

It stores and retrieves information, guided by the requests (queries) that 
it receives. 

To make a request that MySQL can understand, you build an SQL query and 
send it to the MySQL server. (For a more complete description of the MySQL 
server, see Chapter 1.) The next two sections detail how to do this. 
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Building SQL ((ueries 



ctured Query Language ) is the computer language that you use to 
'icate with MySQL. SQL is almost English; it is made up largely of 
English words, put together into strings of words that sound similar to 
English sentences. In general (fortunately), you don't need to understand any 
arcane technical language to write SQL queries that work. 

The first word of each query is its name, which is an action word (a verb) 
that tells MySQL what you want to do. The queries that 1 discuss in this chap- 
ter are CREATE, DROP, ALTER, SHOW, INSERT, LOAD, SELECT, UPDATE, and 
DELETE. This basic vocabulary is sufficient to create — and interact with — 
databases on Web sites. 



The query name is followed by words and phrases — some required and 
some optional — that tell MySQL how to perform the action. For instance, 
you always need to tell MySQL what to create, and you always need to tell it 
which table to insert data into or to select data from. 



The following is a typical SQL query. As you can see, it uses English words: 



SELECT lastName FROM Member 



This query retrieves all the last names stored in the table named Member. 
Of course, more complicated queries (such as the following) are less 
English-like: 

SELECT lastName, firstName FROM Member WHERE state="CA" AND 
city="Fresno" ORDER BY lastName 

This query retrieves all the last names and first names of members who live 
in Fresno and then puts them in alphabetical order by last name. This query 
is less English-like but still pretty clear. 




Here are some general points to keep in mind when constructing an SQL 
query, as illustrated in the preceding sample query: 



Capitalization: In this book, 1 put the SQL language words in all caps; 
items of variable information (such as column names) are usually given 
labels that are all or mostly lowercase letters. I did this to make it easier 
for you to read — not because MySQL needs this format. The case of the 
SQL words doesn't matter; select is the same as SELECT, and from is the 
same as FROM, as far as MySQL is concerned. On the other hand, the 
case of the table names, column names, and other variable information 
does matter if your operating system is Unix and Linux. When using Unix 
or Linux, MySQL needs to match the column names exactly, so the case 
for the column names has to be correct — lastname is not the same as 
lastName. Windows, however, isn't as picky as Unix and Linux; from its 
point of view, lastname and lastName are the same. 
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I write 



doesn't matter how many spaces you use; you could just as well use 20 
es or just 1 space. SQL also doesn't pay any attention to the end of 
ine. You can start a new line at any point in the SQL statement or 
write the entire statement on one line. 



i/" Quotes: Notice that CA and Fresno are enclosed in double quotes (") in 
the preceding query. CA and Fresno are series of characters called text 
strings or character strings. (1 explain strings in detail later in this chap- 
ter) You are asking MySQL to compare the text strings in the SQL query 
with the text strings already stored in the database. Text strings are 
enclosed in quotes. When you compare numbers (such as integers) 
stored in numeric columns, you don't enclose the numbers in quotes. 
(In Chapter 3, 1 explain the types of data that can be stored in a MySQL 
database.) 



Sending SQL {(ueries 

This book is about PHP and MySQL as a pair Consequently, 1 don't describe 
the multitude of ways in which you can send SQL queries to MySQL — many 
of which have nothing to do with PHP. Rather, 1 provide a simple PHP pro- 
gram that you can use to execute SQL queries. (For the lowdown on PHP and 
how to write PHP programs, check out Part 111 of this book.) 

The program rTiysql_send.php has one simple function: to execute queries 
and display the results. Enter the program into the directory where you're 
developing your Web application (or download it from my Web site at 
janet.valade .com), change the information in lines 9-19, and then point 
your browser at the program. Listing 4-1 shows the program. 



Listing 4-1: PHP Program for Sending SQL Queries to MySQL 

<!-- Program: mysql_send.php 

Desc: PHP program that sends an SQL query to the 
MySQL server and displays the results. 

--> 

<html> 

<head><title>SQL Query Sender</ti tl e></head> 

<body> 

<?php 

$host=" hostname" ; 

$user=" mysql accountname "; 

$pdssword=" mysql password" ; 

/* Section that executes query */ 

if(@$_GET['form'] == "yes") 

{ 



(continued) 
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l_connect($host,$user,$password); 
ri_select_db($_POST[ 'database' ] ) ; 
fry = stri pSl ashes ( $_POST[ ' query ']) ; 
Sresult = mysql„query($query) ; 

echo "Database Selected: <b>{ $_POST[ ' database '] )</b><br> 

Query: <b>$query</b><h3>Resul ts</h3><hr>" ; 
if($result == 0) 

echo "<b>Error " .mysql_errno( ) . " : " .mysql_error( ) . 
"</b>" ; 

elseif (@mysql_num_rows($result) == 0) 

echo( "<b>Query completed. No results returned. 
</b><br>" ) ; 

el se 



echo "<table border='l'> 
<thead> 
<tr>" ; 

for($i = 0;$i < rriysql_nurri_f i el ds ( $resul t ) ; $i++) 
{ 

echo "<th>" .rriysql_f i el d„name ($result,$i ) . 
"</th>" ; 



echo 



' </tr> 
</thead> 

<tbody>" ; 
for ($i = 



0; $i < niysql_nuni_rows ( $resul t ) ; $i++) 



echo "<tr>"; 
$row = niysql_fetch_row($result) ; 
for($j = 0 ; $j<rriysql_nurri_f i el ds( $resul t) ; $j++) 



echo( "<td>" 

) 

echo "</tr>" ; 



$row[$j] . "</td>"); 



echo "</tbody> 
</table>" ; 
) //end else 
echo " 

<hr><br> 

<forrTi action = \"|$_SERVER['PHP_SELF'])\" rriethod = \"POST\"> 
<input type= ' hi dden ' narrie= ' query ' val ue= ' $query ' > 
<input type= ' hi dden ' narrie= ' database ' 

value={$_POST['database']l> 
<input type= ' submi t ' narTie=\"queryButton\" 

value=\"New Query\"> 
<input type= ' submi t ' name=\"queryButton\" 

value=\"Edit Query\"> 

</f orm>" ; 
unset( $f orm) ; 
exit( ) ; 

// endif form=yes 
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Section that requests user input of query */ 
query=stripSl ashes ( $_POST[ 'query ']) ; 
"'~ _POST[ ' queryButton ' ] != "Edit Query") 



$query 
) 

?> 



<forrn acti on="<?php echo $_SERVER[ ' PHP_SELF' ] ?>?form=yes" 
rnethod = "POST"> 
<table> 
<tr> 

<td al i gn=ri ght><b>Type in database name</b></td> 
<td><input type="text" name="database" 

value=<?php echo @$_POST[ ' database ' ] ?> ></td> 

</tr> 
<tr> 

<td al i gn=" ri ght" val ign="top"> 

<b>Type in SQL query</b></td> 
<td><textarea name="query" cols="60" 

rows="10"><?php echo $query ?></textarea> 

</td> 
</tr> 
<tr> 

<td colspan="2" al ign="center"><input type="submit" 
val ue="Submit Query"></td> 

</tr> 
</table> 
</f orm) 

</body></htrTil> 



You need to change lines 9, 10, and 11 of the program before you can use it. 
These lines are 



$host=" hostname" ; 
$user="mysql accountname" ; 
$pdssviord="mysql password" ; 



Change hostname to the name of the computer where MySQL is installed: 
for example, databasehost . mycompany .com. If the MySQL database is 
installed on the same computer as your Web site, you can use 1 oca 1 host 
as the hostname. 



Change mysql accountname and mysql password to the account name and 
password that you were given by the MySQL administrator to use to access 
your MySQL database. If you installed MySQL yourself, an account named 
root with no password is automatically installed. Sometimes an account with 
a blank account name and password is installed. You can use either the root 
or the blank account, but it's much better if you install an account specifi- 
cally for use with your Web database application. (1 discuss MySQL accounts 
and passwords in detail in Chapter 5.) 
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^ViB! An account named root with no password is not secure. You should give it a 
password right away. An account with a blank account name and password is 
^ii»i^li>-las6 secure. Anyone can access your database without needing to know 
^^Tfc^i^Jnt name or password. You should delete this account if it exists 
(see Chapter 5). 

If your MySQL account doesn't require a password, type nothing between the 
double quotes, as follows: 

$password=" " ; 

After you enter the correct hostname, account name, and password in 
my sqlsend.php, these are the general steps that you follow to execute an 
SQL query: 

1. Point your browser at mysql send . php. 
You see the Web page shown in Figure 4-L 

2. Type the SQL query in the large text box. 

3. Enter a database name in the first text box if the SQL query 
requires one. 

1 explain the details of writing specific SQL queries in the following sec- 
tions of this chapter. 
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4. Click the Submit Query button. 

The query is executed, and a page is displayed, showing the results of 
uery If your query had an error, the error message is displayed. 



You can test the niysql_send.php program by entering this test query in 
Step 2 of the preceding steps: 

SHOW DATABASES 



This query does not require you to enter a database name, so you can skip 
Step 3. When you click the Submit Query button in Step 4, a listing of the 
existing databases is displayed. In most cases, you see a database called 
Test, which is installed automatically when MySQL is installed. Also, you'll 
probably see a database called mysql , which MySQL uses to store informa- 
tion that it needs, such as account names, passwords, and permissions. Even 
if there are no existing databases, your SQL query will execute correctly. If a 
problem occurs, an error message is displayed. MySQL error messages are 
usually pretty helpful in finding the problem. 



A quicker way to send SQL queries 
to the MySQL server 

When MySQL is installed, a simple, text-based program called mysql (or sometimes the terminal 
monitororthe monitor) is also installed. Programs that communicate with servers are client soft- 
ware; because this program communicates with the MySQL server, it's a client. When you enter 
SQL queries in this client, the response is returned to the client and displayed onscreen. The mon- 
itor program can send queries across a network; it doesn't have to be running on the machine 
where the database is stored. 

To send SQL queries to MySQL by using the mysql client, follow these steps: 

1. Locate the mysql client. 

By default, the mysql client program is installed in the subdirectory bi n, under the directory 
where MySQL was installed. In Unix/Linux, the default is /usr/1 ocal /mysql /bi n or 
/usr/1 ocal /bi n. In Windows, the default is c : \mysql \bi n. However, the client might 
have been installed in a different directory. Or, if you're not the MySQL administrator, you might 
not have access to the mysql client. If you don't know where MySQL is installed or can't run 
the client, ask the MySQL administrator to put the client somewhere where you can run it or to 
give you a copy that you can put on your own computer. 

2. Start the client. 

In Unix/Linux, type the path/filename (for example, /usr/1 ocal /mysql /bi n/mysql ). In 
Windows, open a command prompt window and then type the path/filename (for example, 
c:\mysql\bin\mysql .exe). Press Enter after typing the path/filename unless you're using 
the parameters shown in Step 3. 
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the mysql client to access a database across the network, use the follow- 
fterthemysql command: 



h host: host is the name of the machine where MySQL is located. 

u user: user is your MySQL account name. 

- p: This parameter prompts you for the password for your MySQL account. 

For instance, if you're in the directory where the mysql client is located, the command might 
look like this: 

mysql -h mysqlhost.mycompany.com -u root -p 
Press Enter after typing the command. 

4. Enter your password when prompted for it. 

The mysql client starts, and you see something similar to this: 

Welcome to the MySQL monitor. Commands end with ; or \g. 
Your MySQL connection id is 459 to server version: 4.0.13 
Type 'help;' or '\h' for help. Type '\c' to clear the buffer, 
mysql > 

5. Select the database that you want to use. 

Atthe mysql prompt, type the following: 

use databasename 
Use the name of the database that you want to query. 

6. At the mysql prompt, type your SQL query, followed by a semicolon (;), and then press the 
Enter key. 

The my sql client continues to prompt for input and does not execute the query until you enter 
a semicolon. The response to the query is displayed onscreen. 

7. To leave the mysql client, type quit at the prompt and then press the Enter key. 



BuHdinq a Database 

A database has two parts: a structure to hold the data and the data itself. In 
the following few sections, I explain how to create the database structure. 
First you create an empty database with no structure at all, and then you add 
tables to it. 

The SQL queries that you use to work with the database structure are 
CREATE, ALTER, DROP, and SHOW. To use these queries, you must have a 
MySQL account that has permission to create, alter, and drop databases and 
tables. See Chapter 5 for more on MySQL accounts. 
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Creating a neW database 

I ^ 1^^) 1^ ^^^^1^^^ ^ ^"^Pty database, use the following SQL query: 





CREATE DATABASE databasename 

where databasename is the name that you give the database. For instance, 
these two SQL queries create the sample databases used in this book; 

CREATE DATABASE PetCatalog 
CREATE DATABASE MemberDi rectory 

Some Web hosting companies don't allow you to create a new database. You 
are given one database to use with MySQL, and you can only create tables in 
this one database. You can try requesting another database, but you need a 
good reason. MySQL and PHP don't care that all your tables are in one data- 
base instead of organized into databases with meaningful names. It's just 
easier for humans to keep track of projects when they're organized. 

To see for yourself that a database was in fact created, use this SQL query: 

SHOW DATABASES 

After you create an empty database, you can add tables to it. (Adding tables 
to a database is described later in this chapter.) 



Deleting a database 

You can delete any database with this SQL query: 

DROP DATABASE databasename 

Use DROP carefully because it is irreversible. After a database is dropped, it is 
gone forever. And any data that was in it is gone as well. 



Adding tables to a database 

You can add tables to any database, whether it's a new, empty database that 
you just created or an existing database that already has tables and data in 
it. You use the CREATE query to add tables to a database. 

In the sample database designs that I introduce in Chapter 3, the PetCatalog 
database is designed with three tables: Pet, PetType, and PetCol or. The 
MemberDi rectory database is designed with two tables: Member and Login. 
Because a table is created in a database, you must indicate the database 
name where you want the table created. That is, when using the form shown 
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in Figure 4-1, you must type a database name into the top field. If you don't, 
you see the error message No Database Selected. 



y to add a table begins with 

CREATE TABLE tablename 

Next comes a list of column names with definitions. The information for each 
column is separated from the information for the next column by a comma. 
The entire list is enclosed in parentheses. Each column name is followed by 
its data type (I explain data types in detail in Chapter 3) and any other defini- 
tions required. Here are some definitions that you can use: 

VNOT NULL: This column must have a value; it cannot be empty. 

V DEFAULT va 1 ue: This value is stored in the column when the row is cre- 
ated if no other value is given for this column. 

AUTO_INCREMENT: You use this definition to create a sequence number. 
As each row is added, the value of this column increases by one integer 
from the last row entered. You can override the auto number by assign- 
ing a specific value to the column. | 

V UNSIGNED: You use this definition to indicate that the values for this 
numeric field will never be negative numbers. 

The last item in a CREATE TABLE query indicates which column or combina- 
tion of columns is the unique identifier for the row — the primary key. Each 
row of a table must have a field or a combination of fields that is different for 
each row. No two rows can have the same primary key. If you attempt to add 
a row with the same primary key as a row that's already in the table, you get 
an error message, and the row is not added. The database design identifies 
the primary key (as I describe in Chapter 3). You specify the primary key by 
using the following format: 

CREATE TABLE Member ( 

loginName VARCHAR(20) NOT NULL PRIMARY KEY, 

createDate DATE NOT NULL) ; 

PRIMARY KEy icol umnname) 



The CO 1 umnname is enclosed in parentheses. If you're using a combination of 
columns as the primary key, include all the column names, separated by 
commas. For instance, you would designate the primary key for the Logi n 
table in the MemberDi rectory database by using this query: 

PRIMARY KEY ( 1 ogi nName , 1 ogi nTi me ) 

Listing 4-2 shows the CREATE TABLE query used to create the Member table 
of the MemberDi rectory database. You could enter this query on a single 
line if you wanted to. MySQL doesn't care how many lines you use. However, 
the format shown in Listing 4-2 makes it easier to read. This human-friendly 
format also helps you spot typos. 
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TABLE Member ( 

Name VARCHAR(20) NOT NULL, 

eDate DATE NOT NULL, 

password CHAR(255) NOT NULL, 

lastName VARCHAR(50), 

firstName VARCHAR(40), 

street VARCHAR(50), 

city VARCHAR(50), 

state CHAR(2), 

zip CHAR(IO), 

email VARCHAR(50), 

phone CHAR(15), 

fax CHAR(15), 
PRIMARY KEY(loginName) ) 



Notice that the list of column names in Listing 4-2 is enclosed in parentheses 
(one on the first line and one on the last line), and a comma follows each 
column definition. 




Remember not to use any MySQL reserved words for column names, as 
1 discuss in Chapter 3. If you do, MySQL gives you an error message that 
looks like this: 



You have an error in your SQL syntax near 'order var(20))' at line 1 

Notice this message shows the column definition that it didn't like and the 
line where it found the offending definition. However, the message doesn't tell 
you much about what the problem is. The error in your SOL syntax that 
it refers to is using the MySQL reserved word order as a column name. 

After a table has been created, you can query to see it, review its structure, 
or remove it. 

To see the tables that have been added to a database, use this SQL 
query: 

SHOW TABLES 

\^ You can also see the structure of a table with this query: 

SHOW COLUMNS FROM tablename 

You can remove any table with this query: 

DROP TABLE tablename 




Use DROP carefully because it is irreversible. After a table is dropped, it 
is gone forever And any data that was in it is gone as well. 
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base isn't written in stone. By using the ALTER query, you can 
e name of the table; add, drop, or rename a column; or change the 
data type or other attributes of the column. 

The basic format for this query is ALTER TABLE ta£)/er)ame, followed by the 
specific changes that you're requesting. Table 4-1 shows the changes that you 
can make. 



Table 4-1 Changes You Can Make with the ALTER Query 



Change 




Description 






ADD col umnname 
definition 




Adds a column; definition includ 
type and optional definitions. 


esthe data 


ALTER col umnname 
SET DEFAULT value 


Changes the default value for a column. 


ALTER col umnname 
DROP DEFAULT 


Removes the default value for a column. 


CHANGE col umnname 
newcol umnname 
definition 


C 

r 

tl 


ihanges the definition of a column ar 
enamesthe column; c/ef7n7£7on i 
he data type and optional definitions 


id 

ncludes 


DROP col umnname 


1 


[ 

c 


leletes a column, including all the data in the 
:olumn. The data cannot be recovered. 


MODIFY col umnname 
definition 


C 

c 


lhanges the definition of a column; 
definition includes the data type and 



optional definitions. 

RENAME newtabl ename Renames a table. 



Changing a database is not a rare occurrence. You might want to change 
your database for many reasons. For example, suppose that you defined 
the column 1 astName with VARCHAR(20) in the Member table of the 
MemberDi rectory database. At the time, 20 characters seemed sufficient for 
a last name. But now you just received a memo announcing the new CEO, 
John Schwartzheimer-Losertman. Oops. MySQL will truncate his name to the 
first 20 letters, a less-than-desirable new name for the boss. So you need to 
make the column wider — pronto. Send this query to change the column in a 
second: 



ALTER TABLE Member MODIFY lastName VARCHAR(50) 
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database is like an empty cookie jar — it's not much fun. And, 
searching an empty database is no more interesting or fruitful than searching 
an empty cookie jar. A database is only useful with respect to the information 
that it holds. 



A database needs to be able to receive information for storage and to deliver 
information on request. For instance, the MemberDi rectory database needs 
to be able to receive the member information, and it also needs to be able to 
deliver its stored information when you request it. For instance, if you want 
to know the address of a particular member, the database needs to deliver 
that information when you request it. 

Your MySQL database responds to four types of requests: 

1^ Adding information: Adding a row to a table. 

Updating information: Changing information in an existing row. This 
includes adding data to a blank field in an existing row. 

1^ Retrieving information: Looking at the data. This request does not 
remove data from the database. 

Removing information: Deleting data from the database. 

Sometimes your question requires information from more than one table. For 
instance, the question, "How much does a green dragon cost?" requires infor- 
mation from the Pet table and from the Col or table. You can ask this ques- 
tion easily in a single SE LECT query by combining the tables. 

In the following sections, I discuss how to receive and deliver information as 
well as how to combine tables. 



Add'mg^ information 

Every database needs data. For example, you might want to add data to your 
database so that your users can look at it — an example of this is the Pet 
Catalog that 1 introduce in Chapter 3. Or you might want to create an empty 
database for users to put data into, making the data available for your eyes 
only — an example of this is the Member Directory. In either scenario, data 
will be added to the database. 

If your data is still on paper, you can enter it directly into a MySQL database, 
one row at a time, by using an SQL query. However, if you have a lot of data, 
this process could be tedious and involve a lot of typing. Suppose that you 
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have information on 1,000 products that needs to be added to your database. 
Assuming that you're greased lightening on a keyboard and can enter a row 
te, that's 16 hours of rapid typing — well, rapid editing, anyway, 
ut not fun. On the other hand, suppose that you need to enter 5,000 
members of an organization into a database and that it takes five minutes to 
enter each member Now you're looking at over 400 hours of typing — who 
has time for that? 



If you have a large amount of data to enter, consider some alternatives. 
Sometimes scanning in the data is an option. Or perhaps you need to beg, 
borrow, or hire some help. In many cases, it could be faster to enter the data 
into a big text file than to enter each row in a separate SQL query. 

The SQL query LOAD can read data from a big text file (or even a small text 
file). So, if your data is already in a computer file, you can work with that file; 
you don't need to type all the data again. Even if the data is in a format other 
than a text file (for example, in an Excel, Access, or Oracle file), you can usu- 
ally convert the file to a big text file, which can then be read into your MySQL 
database. If the data isn't yet in a computer file and there's a lot of it, it might 
be faster to enter that data into the computer in a big text file and transfer it 
into MySQL as a second step. 

Most text files can be read into MySQL, but some formats are easier than 
others. If you're planning to enter the data into a big text file, read the sec- 
tion, "Adding a bunch of data," to find the best format for your text file. Of 
course, if the data is already on the computer, you have to work with the file 
as it is. 

I 

Adding one roW at a time 

You use the I NSERT query to add a row to a database. This query tells MySQL 
which table to add the row to and what the values are for the fields in the 
row. The general form of the query is 

INSERT INTO tablename (col umnname , col umname , columname) 

VALUES (value, val ue , . . . . ,val ue) 



The following rules apply to the I NSERT query: 



1^ Values must be listed in tlie same order in which the column names 
are listed. The first value in the value list is inserted into the column 
that's named first in the column list; the second value in the value list 
is inserted into the column that's named second in the column list; and 
so on. 

A partial column list is allowed. You don't need to list all the columns. 
Columns that are not listed are given their default value or left blank if 
no default value is defined. 
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A column list is not required. If you're entering values for all the 
columns, you don't need to list the columns at all. If no columns are 



d, MySQL will look for values for all the columns, in the order in 
h they appear in the table. 



Tlie column list and value list must be the same length. If the list of 
columns is longer or shorter than the list of values, you get an error 
message like this: Col umn count doesn't match value count. 



The following INSERT query adds a row to the Member table: 

INSERT INTO Member (loginName.createDate, password, lastName, 
street , city .state, zip, emai 1 , phone, fax) 
VALUES ("bigguy" ,"Z001-Dec-2" , "secret" , "Smith" , 
"1234 Happy St", "Las Vegas" , "NV" , "88888" , 
"gsmith@GSmithCompany.com" , "( 555 ) 555-5555" ,"" ) 



Notice that f i rstName is not listed in the column name list. No value is 
entered into the f i rstName field. If f i rstName were defined as NOT NULL, 
MySQL would not allow this, but because fi rstName is not defined as NOT 
NULL, this is okay. Also, if the definition for fi rstName included a default, the 
default value would be entered, but because it doesn't, the field is left empty. 
Notice that the value stored for fax is an empty string; MySQL has no prob- 
lem with empty strings. 

To look at the data that you entered and ensure that you entered it correctly, 
use an SQL query that retrieves data from the database. 1 describe these SQL 
queries in detail in "Retrieving information," later in this chapter. In brief, the 
following query retrieves all the data in the Member table: 



SELECT * FROM Member 



Addinq a bunch of data 

If you have a large amount of data to enter and it's already in a computer file, 
you can transfer the data from the existing computer file to your MySQL data- 
base. The SQL query that reads data from a text file is LOAD. The LOAD query 
requires you to specify a database. 

Because data in a database is organized in rows and columns, the text file 
being read must indicate where the data for each column begins and ends 
and where the end of a row is. To indicate columns, a specific character sepa- 
rates the data for each column. By default, MySQL looks for a tab character 
to separate the fields. However, if a tab doesn't work for your data file, you 
can choose a different character to separate the fields and tell MySQL in the 
query that a different character than the tab separates the fields. Also by 
default, the end of a line is expected to be the end of a row — although you 
can choose a character to indicate the end of a line if you need to. A data file 
for the Pet table might look like this: 
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Unicorn<TAB>horse<TAB>Spi ral horn<Tab>5000 . 00<Tab>/pix/uni corn. jpg 
Pegasus<TAB>horse<TAB>Wi nged<Tab>8000 . 00<Tab>/pix/pegasus . jpg 

>cat<TAB>Large; Mane on neck<Tab>2000.00<Tab>/pix/lion.jpg 



A data file with tabs between the fields is a tab-delimited file. Another common 
format is a comma-delimited file, where commas separate the fields. If your 
data is in another file format, you need to convert it into a delimited file. 



To convert data in another file format into a delimited file, check the manual 
for that software or talk to your local expert who understands the data's cur- 
rent format. Many programs, such as Excel, Access, or Oracle, allow you to 
output the data into a delimited file. For a text file, you might be able to con- 
vert it to delimited format by using the search-and-replace function of an 
editor or word processor For a truly troublesome file, you might need to seek 
the help of an expert or a programmer. 



The basic form of the LOAD query is 



LOAD DATA INFILE "datafi 1 ename" INTO TABLE tablename 



This basic form can be followed by optional phrases if you want to change a 
default delimiter. The options are 



FIELDS TERMINATED BY 'character' 
FIELDS ENCLOSED BY 'character' 
LINES TERMINATED BY 'character' 



Suppose that you have the data file for the Pet table, shown earlier in this 
section, except that the fields are separated by a comma rather than a tab. 
The name of the data file is pets.dat, and it's located in the same directory 
as the database. The SQL query to read the data into the table is 

LOAD DATA INFILE "pets.dat" INTO TABLE Pet 
FIELDS TERMINATED BY ' , ' 




In order to use the LOAD DATA INFILE query, the MySQL account must have 
the FILE privilege on the server host. 1 discuss MySQL account privileges in 
Chapter 5. 



To look at the data that you loaded — to be sure that it's correct — use an 
SQL query that retrieves data from the database. I describe these types of 
SQL queries in detail in the next section. In brief, use the following query to 
look at all the data in the table so that you can check it: 



SELECT * FROM Pet 
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purpose in storing information is to have it available when you need 
base lives to answer questions. What pets are for sale? Who are the 
members? How many members live in Arkansas? Do you have an alligator for 
sale? How much does a dragon cost? What is Goliath Smith's phone number? 
And on and on. You use the SE LECT query to ask the database questions. 



The simplest, basic SELECT query is 
SELECT * FROM tablename 



This query retrieves all the information from the table. The asterisk (*) is a 
wildcard meaning all the columns. 

The SE LECT query can be much more selective. SQL words and phrases in 
the SE LECT query can pinpoint exactly the information needed to answer 
your question. You can specify what information you want, how you want it 
organized, and what the source of the information is: 

You can request only the information (the columns) that you need to 
answer your question. For instance, you can request only the first and 
last names to create a list of members. 

You can request information in a particular order. For instance, you 
can request that the information be sorted in alphabetical order 

You can request information from selected objects (the rows) in your 
table. (See Chapter 3 for an explanation of database objects.) For 
instance, you can request the first and last names for only those mem- 
bers whose addresses are in Florida. 



Retrie(/in0 specific information 

To retrieve specific information, list the columns containing the information 
you want. For example: 

SELECT col umnname ,col umnname ,col umnname , . . . FROM tablename 

This query retrieves the values from all the rows for the indicated column(s). 
For instance, the following query retrieves all the last names and first names 
stored in the Member table: 



SELECT lastName.firstName FROM Member 



You can perform mathematical operations on columns when you select them. 
For example, you can use the following SELECT query to add two columns 
together: 



SELECT coll+col2 FROM tablename 
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Or you could use the following query: 

pri ce , pri ce*l . 08 FROM Pet 



result is the price and the price with the sales tax of 8 percent added on. 
You can change the name of a column when selecting it, as follows: 



SELECT price,price*l .08 AS priceWithTax FROM Pet 



The AS clause tells MySQL to give the name pri ceWi thTax to the second 
column retrieved. Thus, the query retrieves two columns of data: pri ce and 

pri ceWi thTax. 

In some cases, you don't want to see the values in a column, but you want to 
know something about the column. For instance, you might want to know the 
lowest value in the column or the highest value in the column. Table 4-2 lists 
some of the information that is available about a column. 



Table 4-2 Information That Can Be Selected 



SQL Format Description of Information 



MQiicol uwnname) 


Returns the average of all the values in co 1 umnname 


COiiliJ icol umnname) 


Returns 
not blan 


the number of rows in which co 7 umnname is 
k 


MAXicol umnname) 


Returns 


the largest value in co 7 umnname 




HlHicol umnname) 


Returns 


the smallest value in col umnname 





S\JM{ col umnname ) Returns the sum of all the values in co 1 umnname 



For example, the query to find out the highest price in the Pet table is 



SELECT MAX(price) FROM Pet 



^^^^^ 




SQL words like MAX ( ) and SUM( ) are functions. SQL provides many functions 
in addition to those in Table 4-2. Some functions, like those in Table 4-2, 
provide information about a column. Other functions change each value 
selected. For example, SORT( ) returns the square root of each value in the 
column, and DAY NAME ( ) returns the name of the day of the week for each 
value in a date column, rather than the actual date stored in the column. 
Over 100 functions are available for use inaSELECT query. For descriptions 
of all the functions, see the MySQL documentation at www . mysql . com/ 
documentati on. 



Chapter 4: Building the Database 



You might 

DropBocfe 



RetrieUin^ data in a specific order 

You might want to retrieve data in a particular order. For instance, in the 
[able, you might want members organized in alphabetical order by 
Or, in the Pet table, you might want the pets grouped by type 

of pet. 





In a SELECT query, ORDER BY and GROUP BY affect the order in which the 
data is delivered to you: 

ORDER BY: To sort information, use the phrase 

ORDER BY col umnname 

The data is sorted by co 1 umnname in ascending order For instance, if 
col umnname is 1 astName, the data is delivered to you in alphabetical 
order by the last name. 

You can sort in descending order by adding the word DESC before the 
column name. For example: 

SELECT * FROM Member ORDER BY DESC lastName 

i^* GROUP BY: To group information, use the following phrase: 

GROUP BY columnname 

The rows that have the same value of co 1 umnname are grouped together 
For example, use this query to group the rows that have the same value 

as petType: 

SELECT * FROM Pet GROUP BY petType 
You can use GROUP BY and ORDER BY in the same query. 



RetrieUinq data from a specific source 

Very frequently, you don't want all the information from a table. You only 
want information from selected database objects: that is, rows. Three SQL 
words are frequently used to specify the source of the information: 



i/* WHERE: Allows you to request information from database objects with 
certain characteristics. For instance, you can request the names of mem- 
bers who live in California, or you can list only the pets that are cats. 

LIMIT: Allows you to limit the number of rows from which information is 
retrieved. For instance, you can request all the information from the first 
three rows in the table. 

DISTI NCT: Allows you to request information from only one row of 
identical rows. For instance, in the Logi n table, you can request the 
1 ogi nName but specify no duplicate names, thus limiting the response 
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to one record for each member. This would answer the question, "Has 
the member ever logged in?" rather than the question "How many times 
the member logged in?" 



RE clause of the SELECT query enables you to make very complicated 
selections. For instance, suppose your boss asks for a list of all the members 
whose last names begin with B, who live in Santa Barbara, and who have an 8 
in either their phone or fax number. I'm sure there are many uses for such a 
list. You can get this list for your boss with a SELECT query by using a WHERE 
clause. 



The basic format of the WHERE clause is 



WHERE expression ANDjOR expression ANDjOR expression ... 

expressi on specifies a value to compare with the values stored in the data- 
base. Only the rows containing a match for the expression are selected. You 
can use as many expressions as needed, each one separated by AND or OR. 
When you use AND, both of the expressions connected by the AND (that is, 
both the expression before the AND and the expression after the AND) must be 
true in order for the row to be selected. When you use OR, only one of the 
expressions connected by the OR must be true for the row to be selected. 



Some common expressions are shown in Table 4-3. 



Table 4-3 




Expressions for the WHERE Clause 




Expression E 


xample 


Result 




column = 


va 1 ue 


z 


ip="12345" 


Selects only the rows 
where 12345 is stored in 
the column named zi p 


column > 


va 1 ue 


zip > "50000" 


Selects only the rows 
where the ZIP code is 










50001 or higher 




column >= 


■■ value 


zip >= "50000" 


Selects only the rows 
where the ZIP code is 
50000 or higher 


column < 


value 


zip < "50000" 


Selects only the rows 
where the ZIP code is 
49999 or lower 


column <= 


■■ value 


zip <= "50000" 


Selects only the rows 
where the ZIP code is 
50000 or lower 



Chapter 4: Building the Database 



Expression Example Result 



ipBooks 



n BETWEEN zip BETWEEN Selects only the rows 

'1 AND value2 "20000" AND where the ZIP code is 

"30000" greater than 19999 but 

less than 30001 



col umn IN {val uel , 


zip IN ("90001" , 


Selects only the rows 


va 1 ueZ , . . .) 


"30044") 


where the ZIP code is 






90001 or 30044 


column NOT IN 


zip NOT IN 


Selects only the rows 


( va 1 uel , va 1 ue2 , . . .) 


("90001" , 


where the ZIP code is 




"30044" ) 


any ZIP code except 






90001 or 30044 



column LIKE value — zip LIKE "9%" Selects all rows where 

value can contain the the ZIP code begins 

wildcards % (which matches with 9 

any string) and _ (which 
matches any character) 



column NOT LIKE zip NOT LIKE Selects all rows where 

value — i/a / ue can contain "9%" the ZIP code does not 

the wildcards % (which matches begin with 9 

any string) and _ (which 
matches any character) 



You can combine any of the expressions in Table 4-3 with ANDs and ORs. In 
some cases, you need to use parentheses to clarify the selection criteria. For 
instance, you can use the following query to answer your boss's urgent need 
to find all the people in the Member Directory whose names begin with B, 
who live in Santa Barbara, and who have an 8 in either their phone or fax 
number: 

SELECT lastName,firstName FROM Member 
WHERE lastName LIKE "B%" 
AND city = "Santa Barbara" 
AND (phone LIKE "%8%" OR fax LIKE "%8%") 

Notice the parentheses in the last line. You would not get the results that 
your boss asked for without the parentheses. Without the parentheses, each 
connector would be processed in order from the first to the last, resulting in 
a list that includes all members whose names begin with B and who live in 
Santa Barbara and whose phone numbers have an 8 in them and all members 
whose fax numbers have an 8 in them, whether they live in Santa Barbara or 
not and whether their name begins with a B or not. When the last 0 R is 
processed, members are selected whose characteristics match the expres- 
sion before the OR or the expression after the OR. The expression before the 
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OR is connected to previous expressions by the previous ANDs and so does 
not stand alone, but the expression after the 0 R does stand alone, resulting in 
tion of all members with an 8 in their fax number. 



specifies how many rows can be returned. The form for LIMIT is 
LIMIT startnumber .numberofrows 

The first row that you want to retrieve is sta rtnumber, and the number of 
rows that you want to retrieve is nuinberofrows. If startnumber is not speci- 
fied, 1 is assumed. To select only the first three members who live in Texas, 
use this query: 

SELECT * FROM Member WHERE state="TX" LIMIT 3 

Some SELECT queries will find identical records, but in this example, you only 
want to see one — not all — of the identical records. To prevent the query 
from returning all the identical records, add the word DISTINCT immediately 
after SELECT. 



Combining infomathn from tables 

In the earlier sections of this chapter, 1 assume that all the information you 
want is in a single table. However, you might want to combine information 
from different tables. You can do this easily in a single query. 

Two words can be used in a S E LECT query to combine information from two 
or more tables: 

I/' UNION: Rows are retrieved from one or more tables and stored together, 
one after the other, in a single result. For example, if your query selected 
6 rows from one table and 5 rows from another table, the result would 
contain 1 1 rows. 

JOI N: The tables are combined side by side, and the information is 
retrieved from both tables. 

moN 

UNION is used to combine the results from two or more select queries. The 
results from each query are added to the result set following the results of 
the previous query. The format of the UNION query is as follows: 

SELECT query UNION ALL SELECT query ... 

You can combine as many SELECT queries as you need to. A SELECT query 
can include any valid SELECT format, including WHERE clauses, LIMIT clauses, 
and so on. The rules for the queries are 
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*^ All the select queries must select the same number of columns. 

The columns selected in the queries must contain the same type of data. 



ts set will contain all the rows from the first query followed by all 
the rows from the second query and so on. The column names used in the 
results set are the column names from the first SE LECT query. 

The series of SELECT queries can select different columns from the same 
table, but situations in which you want a new table with one column in a 
table followed by another column from the same table are unusual. It's much 
more likely that you want to combine columns from different tables. For 
example, you might have a table of members who have resigned from the 
club and a separate table of current members. You can get a list of all mem- 
bers, both current and resigned, with the following query: 

SELECT lastName.firstName FROM Member UNION ALL 
SELECT lastName.firstName FROM OldMember 



The result of this query is the last name and first name of all current mem- 
bers, followed by the last name and first name of all the members who have 
resigned. 

Depending on how you organized your data, you might have duplicate names 
For instance, perhaps a member resigned, and his name is in the 01 dMember 
table — but he joined again, so his name is added to the Member table. If you 
don't want duplicates, don't include the word ALL. If ALL is not included, 
duplicate lines are not added to the result. 

You can use ORDER BY with each SELECT query, as I discuss in the previous 
section, or you can use ORDER BY with a U N 1 0 N query to sort all the rows in 
the result set. If you want ORDER BY to apply to the entire the result set, 
rather than just to the query that it follows, use parentheses as follows: 

(SELECT lastName FROM Member UNION ALL 

SELECT lastName FROM OldMember) ORDER BY lastName 




The UNION statement was introduced in MySQL 4.0. It is not available in 
MySQL 3. 



Join 

Combining tables side by side is a join. Tables are combined by matching 
data in a column — the column that they have in common. The combined 
results table produced by a join contains all the columns from both tables. 
For instance, if one table has two columns (memberlD and hei ght), and the 
second table has two columns (memberl D and we i ght), a join results in a 
table with four columns: memberl D (from the first table), height, memberl D 
(from the second table), and wei ght. 
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There are two common types of joins: an inner join and an outer join. The dif- 
ference between an inner join and an outer join is in the number of rows 
ludB4 in the results table. The results table produced by an inner join con- 
^(^1^ rows that existed in both tables. The combined table produced by 
an outer join contains all rows that existed in one table with blanks in the 
columns for the rows that did not exist in the second table. For instance, if 
tablel contains a row for Joe and a row for Sally, and tabl e2 contains only a 
row for Sally, an inner join would contain only one row: the row for Sally. 
However, an outer join would contain two rows — a row for Joe and a row for 
Sally — even though the row for Joe would have a blank field for we i g ht. 

The results table for the outer join contains all the rows for one table. If any 
of the rows for that table don't exist in the second table, the columns for the 
second table are empty. Clearly, the contents of the results table are deter- 



mined by which table contributes all its rows, requiring the second table to 
match it. Two kinds of outer joins control which table sets the rows and 
which match: a LEFT JOI N and a RI GHT JOIN. 

You use different SE LECT queries for an inner and the two types of outer 
joins. The following query is an inner join: 


SELECT col umnnamel i St FROM tablel, tc 

WHERE tablel. i 


Jble2 

:ol2 = table2.col 


2 


And these queries are outer joins 








SELECT col umnnamel i St FROI^ 
ON tablel .coll=tabl 


1 tablel LI 
e2.col2 


EFT JOIN table2 










SELECT col umnnamel i St FROM tablel RIGHT JOIN table2 
ON tablel .col l=table2 .col2 





In all three queries, tablel and t a b 1 e 2 are the tables to be joined. You can 
join more than two tables. In both queries, coll and col 2 are the names of 
the columns that are being matched to join the tables. The tables are 
matched based on the data in these columns. These two columns can have 
the same name or different names. The two columns must contain the same 
type of data. 

As an example of inner and outer joins, consider a short form of the Pet 
Catalog. One table is Pet, with the two columns petName and petType hold- 
ing the following data: 

petName petType 

Unicorn Horse 
Pegasus Horse 
Lion Cat 
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The second table is Col or, with two columns petName and petCol or holding 
the following data: 



petCol or 



Unicorn white 
Unicorn silver 
Fish Gold 

You need to ask a question that requires information from both tables. If you 
do an inner join with the following query: 

SELECT * FROM Pet, Color WHERE Pet. petName = Col or . petName 

you get the following results table with four columns: petName (from Pet), 
petType, petName (from Col or), and petCol or. 

petName petType petName petCol or 

Unicorn Horse Unicorn white 
Unicorn Horse Unicorn silver 



Notice that only Unicorn appears in the results table — because only 
Unicorn was in both of the original tables, before the join. On the other 
hand, suppose you do a left outer join with the following query: 



SELECT * FROM Pe 
ON Pet. 


t LEFT JO 
petName=C 


II 

0 


\| Color 
1 or . petNa 


me 





You get the following results table, with the same four columns — petName 
(from Pet), petType, petName (from Col or), and petCol or — but with dif- 
ferent rows: 



petName petType 

Unicorn Horse 

Unicorn Horse 

Pegasus Horse 

Lion Cat 



petName petCol or 

Unicorn white 

Unicorn silver 

<NULL> <NULL> 

<NULL> <NULL> 



This table has four rows. It has the same first two rows as the inner join, but 
it has two additional rows — rows that are in the PetType table on the left 
but not in the Col or table. Notice that the columns from the table Color are 
blank for the last two rows. 



And, on the third hand, suppose that you do a right outer join with the fol- 
lowing query: 



SELECT * FROM Pet RIGHT JOIN Color 

ON Pet . petName=Col or . petName 
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You get the following results table, with the same four columns, but with still 
different rows: 
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petType petName petColor 



Unicorn Horse Unicorn white 
Unicorn Horse Unicorn silver 
<NULL> <NULL> Fish Gold 



Notice that these results contain all the rows for the Color table on the right 
but not for the Pet table. Notice the blanks in the columns for the Pet table, 
which doesn't have a row for Fish. 



The joins that I've talked about so far find matching entries in tables. 
Sometimes it's useful to find out which rows in a table have no matching 
entries in another table. For example, suppose that you want to know who 
has never logged into your Members Only section. Because you have one 
table with the member's login name and another table with the dates when 
the user logged in, you can ask this question by using the two tables. Doing 
a join and looking at all the matches to try to see who is missing might be 
impossible with a large number of user names in the table. However, you can 



find out which login names do not have an entry in the login table with the 
following query: 


SELECT loginName 
ON Member 
WHERE Log 


from Memb 
. 1 ogi nName 
i n . 1 ogi nNa 


ler LEFT JOIN Login 
:=Logi n . 1 ogi nName 
me IS NULL 




This query will give you a list of a 
the Logi n table. 


ill the login names in Member that are not in 



Updating information 

Changing information in an existing row is updating the information. For 
instance, you might need to change the address of a member because she 
has moved, or you might need to add a fax number that a member left blank 
when he originally entered his information. 

The UPDATE query is very straightforward: 

UPDATE tablename SET col umn=\/a'\ue ,col umn=ya^ue , . . . 
WHERE clause 

In the SET clause, you list the columns to be updated and the new values 
to be inserted. List all the columns that you want to change in one query. 
Without a WHERE clause, the values of the column(s) would be changed in all 
the rows. But with the WHERE clause, you can specify which rows to update. 
For instance, to update an address in the Member table, use this query: 
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UPDATE Member SET street="3333 Giant St" 
phone=" 555-555-5555" 
WHERE 1 ogi nNarTie = "bi gguy " 



ipBooks 

Remo(/in0 information 



Keep the information in your database up to date by deleting obsolete infor- 
mation. You can remove a row from a table with the DELETE query: 



DELETE FROM tabl ename WHERE clause 




Be extremely careful when using DE LETE. If you use a DE LETE query without a 
WHERE clause, it will delete all the data in the table. 1 mean all the data. 1 repeat, 
all the data. The data cannot be recovered. This function of the DELETE query 
is right at the top of my don't-try-this-at-home list. 



You can delete a column from a table by using the ALTER query: 
ALTER TABLE tablename DROP col umnname 



Or, of course, you could remove the whole thing and start over again with: 



DROP TABLE tablename 

I 

or 



DROP DATABASE databasename 
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Chapter 5 

^^^rotecting Your Data 



In This Chapter 




► Understanding MySQL data security 




^ Adding new MySQL accounts 




^ Modifying existing accounts 




^ Changing passwords 




^ Making backups 




► Repairing data 




^ Restoring data 




m/ our data is essential to your Web database application. Storing and/or 


presenting data are major activities of your Web database application. 


You have spent valuable time developing your database, and it contains 


important information entered by you or by your users. You need 


to protect 


it. In this chapter, 1 show you how. 





Controttin^ Access to \!our Data 



You need to control access to the information in your database. You need to 
decide who can see the data and who can change it. Imagine what would 
happen if your competitors could change the information in your online 
product catalog or copy your list of customers — you'd be out of business 
in no time flat. Clearly, you need to guard your data. 

MySQL provides a security system for protecting your data. No one can 
access the data in your database without an account. Each MySQL account 
has the following attributes: 

11^ A name 
1^ A hostname — the machine from which the account can access the 
MySQL server 
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I *^ A password 

A set of permissions 



's your data, someone must use a valid account name and know the 
password associated with that account. In addition, that person must be con- 
necting from a computer that is permitted to connect to your database via 
that specific account. 

After the user is granted access to the database, what he or she can do to 
the data depends on what permissions have been set for the account. Each 
account is either allowed or not allowed to perform an operation in your data- 
base, such as SELECT, DELETE, INSERT, CREATE, DROP, and so on. The settings 
that specify what an account can do are privileges or permissions. You can set 
up an account with all permissions, no permissions, or anything in between. 
For instance, for an online product catalog, you want the customer to be able 
to see the information in the catalog but not be able to change it. 

When a user attempts to connect to MySQL and execute a query, MySQL con- 
trols access to the data in two stages: 

1. Connection verification: MySQL checks the validity of the account name 
and password and checks whether the connection is coming from a host 
that is allowed to connect to the MySQL server by using the specified 
account. If everything checks out, MySQL accepts the connection. 

2. Request verification: After MySQL accepts the connection, it checks 
whether the account has the necessary permissions to execute the spec- 
ified query. If it does, MySQL executes the query. 

Any query that you send to MySQL can fail either because the connection is 
rejected in the first step or because the query is not permitted in the second 
step. An error message is returned to help you identify the source of the 
problem. 

In the following few sections, 1 describe accounts and permissions in more 
detail. 



Understanding^ account 
names and hostnames 

Together, the account name and hostname (the name of the computer that is 
authorized to connect to the database) identify a unique account. Two 
accounts with the same name but different hostnames can exist and can have 
different passwords and permissions. However, you cannof have two 
accounts with the same name and the same hostname. 
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The MySQL server will accept connections from a MySQL account only when 
it is connecting from hostname. When you build the GRANT or REVOKE query 
.describe later in this chapter), you identify the MySQL account by 
h the account name and the hostname in the following format: 

name@hostnanie (for instance, root@l ocal host). 




The MySQL account name is completely unrelated in any way to the 
Unix/Linux or Windows user name (also sometimes called the login name). If 
you're using an administrative MySQL account named root, it is not related 
to the Unix/Linux root login name. Changing the MySQL login name does not 
in any way affect the Unix/Linux or Windows login name — and vice versa. 

MySQL account names and hostnames are defined as follows: 



An account name can be up to 16 characters long. You can use special 
characters in account names, such as a space or hyphen ( ). However, 
you cannot use wildcards in the account name. 

1^ An account name can be blank. If an account exists in MySQL with 
a blank account name, any account name will be valid for that account. 
A user could use any account name to connect to your database, given 
that the user is connecting from a hostname that is allowed to connect 
to the blank account name and uses the correct password, if required. 
You can use an account with a blank name to allow anonymous users to 
connect to your database. 

The hostname can be a name or an IP address. For example, it can be a 
name such as thor. my company. com or an IP (Internet protocol) address 
such as 192.163.2.33. The machine on which the MySQL server is 
installed is 1 ocal host. 

Wildcards can be used in the hostname. You can use a percent sign (%) 
as a wildcard; % matches any hostname. If you add an account for 
g e 0 r g e@% , someone using the account named g e o r g e can connect to 
the MySQL server from any computer. 

1/^ The hostname can be blank. A blank hostname is the same as using % 
for the hostname. 



An account with a blank account name and a blank hostname is possible. 
Such an account would allow anyone to connect to the MySQL server by 
using any account name from any computer. An account with a blank name 
and a percent sign (%) for the hostname is the same thing. It is very unlikely 
that you would want such an account. Such an account is sometimes 
installed when MySQL is installed, but it's given no privileges, so it can't do 
anything. 



Part II: MySQL Database 




When MySQL is installed, it automatically installs an account with all privi- 
leges: root@l ocal host. This account is installed without a password. Anyone 
gged in to the computer on which MySQL is installed can access 
d do anything to it by using the account named root. (Of course, 
root is a well-known account name, so this account is not very secure. If 
you're the MySQL administrator, you should add a password to this account 
immediately.) 



On some operating systems, additional accounts besides root@l ocal host 
are automatically installed. For instance, on Windows, an account called 
root@% might be installed with no password protection. This root account 
with all privileges can be used by anyone from any machine. You should 
remove this account immediately or, at the very least, give it a password. 



Finilin0 out about passwords 

A password is set up for every account. If no password is provided for the 
account, the password is blank, which means that no password is required. 
MySQL doesn't have any limit for the length of a password, but sometimes 
other software on your system limits the length to eight characters. If so, any 
characters after eight are dropped. 

For extra security, MySQL encrypts passwords before it stores them. That 
means passwords are not stored in the recognizable characters that you 
entered. This security measure ensures that no one can look at the stored 
passwords and see what they are. 

Unfortunately, some bad people out there might try to access your data by 
guessing your password. They use software that tries to connect rapidly in 
succession using different passwords — a practice called cracking. The fol- 
lowing are some recommendations for choosing a password that is as diffi- 
cult to crack as possible: 

Use six to eight characters. 

1/^ Include one or more of each of the following — uppercase letter, lower- 
case letter, number, and punctuation mark. 

Do not use your account name or any variation of your account name. 

V Do not include any word that's in a dictionary. 

V Do not include a name. 

Do not use a phone number or a date. 

A good password is hard to guess, does not include any word in any dictio- 
nary (including foreign language dictionaries), and is easy to remember. If it's 
too hard to remember, you might need to write it down, which defeats the 
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purpose of having a password. One way to create a good password is to use 
the first characters of a favorite phrase. For instance, you could use the 
11 for one! One for all!" to make this password: 



'a! 



This password doesn't include any numbers, but you can fix that by using the 
numeral 4 instead of the letter f. Then your password is 

A4o!04a! 

Or you could use the number 1 instead of the letter o to represent one. Then 
the password is 

A41!14a! 

This password is definitely hard to guess. Other ways to incorporate num- 
bers into your passwords include substituting 7 (one) for / (ell) or substitut- 
ing 0 (zero) for the letter o. 



Taking a took at account permissions 

Account permissions are used by MySQL to specify who can do what. Anyone 
using a valid account can connect to the MySQL server, but he or she can 
only do those things that are allowed by the permissions for the account. For 
example, an account might be set up so that users can select data but cannot 
insert data nor update data. 

Permissions can be granted for particular databases, tables, or columns. For 
instance, an account can be set up that allows the user to select data from all 
the tables in the database but insert data into only one table and update on 
only a single column in a specific table. 

Permissions are added by using the GRANT query and removed by using the 
REVOKE query. The GRANT or REVOKE query must be sent using an account 
that has permission to execute GRANT or REVOKE statements in the database. 
If you attempt to send a GRANT query or a REVOKE query by using an account 
without grant permission, you get an error message. For instance, if you try 
to grant permission to use a select command, and you send the query using 
an account that does not have permission to grant permissions, you might 
see the following error message: 

grant cormnand denied 

Permissions can be granted or removed individually or all at once. Table 5-1 
lists some permissions that you might want to assign or remove. 
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ALTER 



CREATE 



DELETE 



DROP 



FILE 



GRANT 



INSERT 



SELECT 



SHUTDOWN 



UPDATE 



USAGE 



MySQL Account Permissions 



Description 



All permissions 



Can alter the structure of tables 



Can create new databases ortables 



Can delete rows in tables 



Can drop databases or tables 



Can read and write files on the server 



Can change the permissions on a MySQL account 



Can insert new rows into tables 



Can read data from tables 



Can shut down the MySQL server 



Can change data in a table 



No permissions at all 



Granting ALL is not a good idea because it includes permissions for adminis- 
trative operations, sucfi as sfiutting down the MySQL server. You are unlikely 
to want anyone other than yourself to have such sweeping privileges. 



Setting Up MifSQL Accounts 

When creating a new account, you specify the password, the name(s) of the 
computer(s) allowed to access the database using this account, and the per- 
missions; however, you can change these at any time. All the account infor- 
mation is stored in a database named mysql that is automatically created 
when MySQL is installed. To add a new account or change any account infor- 
mation, you must use an account that has the proper permissions on the 
mysql database. 

You need at least one account in order to access the MySQL server When 
MySQL is installed, it automatically sets up some accounts, including an 
account called root that has all permissions. If you have MySQL access 
through a company Web site or a Web hosting company, the MySQL adminis- 
trator for the company should give you the account; the account is probably 
not named root, and it might or might not have all permissions. 
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When MySQL is installed, it automatically cre- 
ates a database called mysql . All the informa- 
tion used to protect your data is stored in this 
database, including account names, host- 
names, passwords, and permissions. 

Permissions are stored in columns. The format 
of each column name is permi ssi on_pri v 
where permi ssi on is one of the permissions 
shown in Table 5-1. For instance, the column 
containing ALTER permissions is named 
al ter_pri v. The value in each permission 
column is Y or N, meaning yes or no. So, for 
instance, in the user table (described in the fol- 
lowing list), there would be a rowforan account 
and a column for al ter_pri v. If the account 
field for al ter_pri v contains Y, the account 
can be used to execute an ALTER query. If 
al ter_pri v contains N, the account doesn't 
have permission to execute an ALTER query. 

The mysql database contains the following five 
tables that store permissions: 

user table: This table stores permissions 
that apply to all the databases and tables. It 
contains a row for each valid account with 
user name, hostname, and password. The 
MySQL server will reject a connection for 
an account that does not exist in this table. 

db table: This table stores permissions that 
apply to a particular database. It contains a 
row for the database, which gives permis- 
sions to an account name and hostname. The 
account must exist in the user table for the 
permissions to be granted. Permissions that 
are given in the user table overrule permis- 
sions in this table. For instance, if the user 
table has a rowforthe account designerthat 
gives INSERT privileges, designer can insert 



urity database 

into allthe databases. If a rowinthe dbtable 
shows N for INSERT for the designer 
account in the PetCatalog database, the 
user table overrules it, and designer can 
insert in the PetCatal og database. 

1^ host table: This table controls access to a 
database depending on the host. The host 
table works with the dbtable. If a row in the 
db table has an empty field for the host, 
MySQL checks the host table to see 
whetherthe db has a row there. Inthis way, 
you can allow access to a db from some 
hosts but not from others. For instance, say 
you have two databases: dbl and db2. The 
dbl database has information that is very 
sensitive, so you only want certain people 
to see it The db2 database has information 
that you want everyone to see. If you have 
a row in the db table for dbl with a blank 
hostfield, you can have two rowsfordbl 
in the host table. One row can give all per- 
missions to users connecting from a spe- 
cific host, whereas another row can deny 
privileges to users connecting from any 
other host. 

1^ tabl es_pri vtable: This table stores per- 
missions that apply to specific tables. 

columns_priv table: This table stores 
permissions that apply to specific columns. 

You can see and change the tables in mysql 
directly if you're using an account that has the 
necessary permissions. You can use SQL 
queries such as SELECT, INSERT, UPDATE, 
and others. If you're accessing MySQL through 
your employer, a client, or a Web hosting com- 
pany, it is unlikely that you will be given an 
account that has the necessary permissions. 
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In the rest of this section, I describe how to add and delete accounts and 
change passwords and permissions for accounts. If you have an account that 
jved from your company IT department or from a Web hosting com- 
might receive an error when you try to send any or some of the 
REVOKE queries described. If your account is restricted from per- 
forming any of the necessary queries, you need to request an account with 
more permissions or ask the MySQL administrator to add a new account or 
make the changes that you need. 



lilentifyin^ u/fiat accounts currenttij^ exist 

To see what accounts currently exist for your database, you need an account 
that has the necessary permissions. Try to execute the following query on a 
database named mysql : 

SELECT * FROM user '^f 

You should get a list of all the accounts. However, if you're accessing MySQL 
through your company or a Web hosting company, you probably don't have 
the necessary permissions. In that case, you might get an error message 
like this: 

No Database Selected 

This message means that your account is not allowed to select the mysql 
database. Or you might get an error message saying that you don't have 
SELECT permission. Even though this message is annoying, it's good in the 
sense that it's a sign the company has good security measures in place. 
However, it's bad in the sense that you can't see what privileges your account 
has. You must ask your MySQL administrator or try to figure it out yourself 
by trying queries and seeing whether you're allowed to execute them. 



Adding^ neu/ accounts and 
changing permissions 

The preferred way to access MySQL from PHP is to set up an account specifi- 
cally for this purpose with only the permissions that are needed. In this sec- 
tion, I describe how to add new accounts and change permissions. If you're 
using an account given to you by a company IT department or a Web hosting 
company, it might or might not have all the permissions needed to create a 
new account. If it doesn't, you won't be able to successfully execute the 
GRANT query to add an account, and you'll have to request a second account 
to use with PHP 
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If you need to request a second account, get an account with restricted per- 
mission (if at all possible) because your Web database application will be 
je^ure if the account used in your PHP programs doesn't have more 
^j/r|\\^^ than are necessary. 

You use the same GRANT query to set up a new account or to change the 
password or add permissions for an existing account. If the account already 
exists, the GRANT query changes the password or adds permissions. If the 
account doesn't yet exist, the GRANT query adds a new account. 

Here is the general format for a GRANT query: 

GRANT permi ssi on (columns) ON tablename 

TO accountname§hostname IDENTIFIED BY 'password' 

You can use this GRANT query to create a new account or change an existing 
account. You need to fill in the following information: 

j 1/^ permi ss ion ( col umns ): You must list at least one permission. You can 
limit each permission to one or more columns by listing the column 
name in parentheses following the permission. If no column name is 
listed, the permission is granted on all columns in the table(s). You can 
list as many permission/columns as needed, separated by commas. The 
possible permissions are listed in Table 5-1. For instance, a GRANT query 
might start with this: 

GRANT select ( f i rstName , 1 astName ) , update, 
i nsert ( bi rthdate ) ... 

V tabl ename: This indicates which tables the permission is granted on. At 
least one table is required. You can list several tables, separated by 
commas. The possible values for tab 1 ename are 

• tabl ename: The entire table named tabl ename in the current data- 
base. You can use an asterisk (*) to mean all tables in the current 
database. If you use an asterisk and no current database is 
selected, the privilege will be granted to all tables on all databases. 

• databasename .tabl ename: The entire table named tabl ename in 
databasename. You can use an asterisk (*) for either the database 
name or the table name to mean all. Using * . * grants the permis- 
sion on all tables in all databases. 

1/^ accountname@hostname: If the account already exists, it is given the 
indicated permissions. If the account doesn't exist, it's added. The 
account is identified by the accountname and hostname as a pair If an 
account exists with the specified account name but a different host- 
name, the existing account is not changed; a new one is created. 

1/^ password: This is the password that you're adding or changing. A pass- 
word is not required. If you don't want to add or change a password for 
this account, leave out the entire phrase IDENTIFIED BY 'password ' . 
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The GRANT query to add a new account for use in the PHP programs for the 
PetCatalog database might be 



elect ON PetCatalog.* TO phpuser@l ocal host 
IDENTIFIED BY 'A41!14a! ' 



Adding^ and changing passwords 

You can add or change passwords by using the GRANT query. You can include 
a password requirement when you add a new account, as I describe in the 
preceding section. If an account already exists, you can change its password 
by using the following GRANT query: 

GRANT permi ssi on ON * TO accountname@hostname 
IDENTIFIED BY 'password' 

You need to fill in the following information: 

V permi ssi on: You must list at least one permission in a GRANT query. If 
the permission has already been granted, it is not changed. 

accountname@hostname: It the account already exists, it's given the indi- 
cated permission and password. If the account doesn't exist, the account 
is added. The account is identified by the accountname and hostname as 
a pair. If an account exists with the specified account name but a different 
hostname, the account is not changed; a new one is created. 

password: The password in the GRANT query replaces the existing pass- 
word. If you supply an empty password using 

IDENTIFIED BY ' ' 

the existing password is replaced with a blank, leaving the account with 
no password. For tips on choosing a good password, check out the 
"Finding out about passwords" section, earlier in the chapter 



Remo(/ing permissions 

To remove permissions, use the REVOKE query. The general format is 



REVOKE permi ssi on (.columns) ON tablename 
FROM accountname@hostname 
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i ssi on (col umns ) : You must list at least one permission. You can 
ve each permission from one or more columns by listing the 
column name in parentheses following the permission. If no column 
name is listed, the permission is removed from all columns in the 
table(s). You can list as many permission/columns as needed, separated 
by commas. The possible permissions are listed in Table 5-1. For 
instance, a REVOKE query might start like this: 

REVOKE select (fi rstName,! astName) , update, insert (birthdate) ... 

tabl ename: Indicate which tables the permission is being removed from. 
At least one table is required. You can list several tables, separated by 
commas. The possible values for tab 1 ename are 

• tab! ename: The entire table named tab! ename in the current data- 
base. You can use an asterisk (*) to mean all tables. If you use an 
asterisk when no current database is selected, the privilege will be 
revoked on all tables on all databases. 

• databasename . tab 1 ename: The entire table named tab 1 ename in 
databasename. You can use an asterisk (*) for either the database 
name or the table name to mean all. Using * . * revokes the permis- 
sion on all tables in all databases. 

accountname@hostname: The account is identified by the accountname 
and hostname as a pair If an account exists with the specified account 
name but a different hostname, the REVOKE query will fail, and you will 
receive an error message. 



Renio(/in^ accounts 

Removing an account is usually not necessary. If you created an account with 
permissions that you don't want, just change the permissions. If you don't 
want to use an account, remove all the permissions so that the account can't 
do anything. To remove all the permissions for an account, use a REVOKE 
query with the following syntcix: 

REVOKE all ON *.* FROM accountname@hostname 

To actually be able to remove an account, you need an account with the nec- 
essary permissions on the mysql database. You need to use a DELETE query 
on the user table in the mysql database. For more information on the struc- 
ture of the mysql security database, see "The MySQL security database" side- 
bar, elsewhere in this chapter Be careful using a DELETE query because with 
incorrect format, it can remove the wrong account or even all the accounts. 
See the discussion of the DELETE command at the end of Chapter 4. 



Part II: MySQL Database 



Backing Up \lour Data 

DBooks 

occur rar 



to have at least one copy of your valuable database. Disasters 
occur rarely, but they do occur. The computer where your database is stored 
can break down and lose your data, the computer file can become corrupted, 
the building can burn down, and so on. Backup copies of your database 
guard against data loss from such disasters. 

You should have at least one backup copy of your database, stored in a loca- 
tion that is separate from the copy that is currently in use. More than one 
copy — perhaps as many as three — is usually a good idea. 

Store one copy in a handy location, perhaps even on the same computer, 
to quickly replace a working database that has been damaged. 

Store a second copy on another computer in case the computer breaks 
down, and the first backup copy isn't available. 

Store a third copy in a completely different physical location, for that 
remote chance that the building burns down. If the second backup copy 
is stored via network on a computer at another physical location, this 
third copy isn't needed. 

^ ^ If you don't have access to a computer offsite where you can back up 

your database, you can copy your backup to a portable medium, such 
as a tape or a CD, and store it offsite. Certain companies will store your 
computer media at their location for a fee, or you can just put the media 
in your pocket and take it home. 



If you use MySQL on someone else's computer, such as the computer of your 
employer or a Web hosting company, the people who provide your access are 
responsible for backups. They should have automated procedures in place 
that make backups of your database. A good question to ask when evaluating 
a Web hosting company is what its backup procedures are. You want to know 
how often backup copies are made and where they are stored. If you aren't 
confident that your data is safe, you can discuss changes or additions to the 
backup procedures. 

If you are the MySQL administrator, you are responsible for making backups. 
MySQL provides a program called mysql dump that you can use to make backup 
copies; mysql dump creates a text file that contains all the SQL statements 
needed to re-create your entire database. The file contains the CREATE state- 
ments for each table and I NSERT statements for each row of data in the tables. 
You can restore your database by executing the set of MySQL statements. You 
can restore it in its current location, or you can restore it on another computer 
if necessary. 
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Follow these steps to make a backup copy of your database in 
Linux/Unix/Mac: 




ge to the bi n subdirectory in the directory where MySQL is 
installed. 

For instance, type cd /usr/local/mysql/bin. 

2. Type the following: 

mysqldump - -user=accountnanie - -password=password 
databasename >path/backupfi 1 ename 

where 

• accountname is the name of the MySQL account that you're using 
to back up the database. 

• password is the password for the account. 

• databasename is the name of the database that you want to back up. 

• path/backupfi 1 ename is the path to the directory where you 
want to store the backups and the name of the file that the SQL 
output will be stored in. 

The account that you use needs to have select permission. If the 
account doesn't require a password, you can leave out the entire pass- 
word option. 

You can type the command on one line, without pressing Enter. Or you 
can type a backslash (\), press Enter, and then continue the command 
on another line. 

For example, to back up the PetCatalog database, the command might be 

mysqldump --user=root - -password=bi gsecret PetCatalog \ 
>/usr/local /mysql / backups /PetCatal ogBackup 

Note: The Linux/Unix account that you are logged into must have per- 
mission to write a file into the backup directory. 

To make a backup copy of your database in Windows, follow these steps: 

1. Open a command prompt window. 

For instance, choose StartOProgramsOMS-DOS prompt. 

2. Change to the bi n subdirectory in the directory where MySQL is 
installed. 

For instance, type cd c:\mysql\bin. 
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3. Type the following: 

mysql dump . exe - -user=accountname - -password=password 
databasename >path\backupfi 1 ename 



*5» 



• accountname is the name of the MySQL account that you're using 
to back up the database. 

• password is the password for the account. 

• databasename is the name of the database that you want to 
back up. 

• path\backupfi 1 ename is the path to the directory where you 
want to store the backups and the name of the file that the SQL 
output will be stored in. 

The account that you use needs to have select permission. If the 
account does not require a password, you can leave out the entire pass- 
word option. 

You must type the mysql dump command on one line without pressing 
Enter 

For example, to back up the PetCatalog database, the command 
might be 

mysqldump.exe --user=root PetCatalog >PetCatal ogBackup 

Backups should be made at certain times — at least once per day. If your 
database changes frequently, you might want to back up more often. For 
example, you might want to back up to the backup directory hourly but back 
up to another computer once a day. 



Restoring \lour Data 

At some point, one of your database tables might become damaged and unus- 
able. It's unusual, but it happens. For instance, a hardware problem or an unex- 
pected shutdown of the computer can cause corrupted tables. Sometimes an 
anomaly in the data that confuses MySQL can cause corrupt tables. In some 
cases, a corrupt table can cause your MySQL server to shut down. 

Here is a typical error message that signals a corrupted table: 

Incorrect key file for table: 'tablename'. 
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In some cases, you can repair the corrupted data table(s) by using a repair 
utility provided with MySQL. If the repair utihty doesn't restore the corrupted 
o working order, all is not lost — you can replace the corrupted 
ith the data stored in a backup copy. In some cases, the database 
might be lost completely. For instance, if the computer where your database 
resides breaks down and can't be fixed, your current database is lost, but 
your data isn't gone forever. You can replace the broken computer with a new 
computer and restore your database from a backup copy. 



Repairing tables 




Often a damaged database can be fixed. MySQL provides a utility called 
myi samchk that repairs tables. If you're accessing MySQL on your employer's 
or client's computer or through a Web hosting company, you need to contact 
the MySQL administrator to run myi samchk for you. 

If you are the MySQL administrator, you can run my i samch k yourself. To use 
my i samch k on Linux/Unix/Mac, follow these steps: 

1. Change to the bi n subdirectory in the directory where MySQL is 
installed. 

For instance, type cd /usr/local/mysql/bin. 

2. Stop the MySQL server by typing this query: 

mysqladmin -u accountname -p shutdown 

where u accountname specifies the name of an account to be used to 
connect to MySQL. 

The account must have shutdown permission. If the account does not 
require a password, leave out the - p. If you include - p, you will be asked 
for your password. 

3. Type the following: 

myisamchk -r path/databasename/tabl ename .M^ I 

Include the complete path to your data directory, followed by the data- 
base name, the table name, and .MYI. You can use an asterisk (*) as a 
wildcard. For instance, to repair all the tables in the PetCatal og data- 
base, you might type 

myisamchk -r . . /data/PetCatal og/*.MYI 

The - r option is the recover option. After you type the statement, you 
see output on the screen showing which tables are being checked. 

4. Start the MySQL server by typing the following: 

mysqladmin -u accountname -p start 
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To use myi samchk on Windows, follow these steps: 
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n a command prompt window. 

nstance, choose StartOProgramsOMS-DOS prompt. 



Change to the bi n subdirectory in the directory where MySQL is 
installed. 

For instance, type cd c:\mysql\bin. 
Stop the MySQL server by typing 

mysql admi n -u accountname -p shutdown 

where accountname is the name of an account with shutdown permis- 
sion. If the account does not require a password, leave out the - p. If you 
include - p, you will be prompted for your password. 

Type the following: 

myisamchk -r path/databasename/tabl ename .M^ I 

Include the complete path to your data directory, followed by the data- 
base name, the table name, and . HY I . You can use an asterisk (*) as a 
wildcard. The - r option is the recover option. For instance, to repair all 
the tables in the PetCatalog database, you might type 

myisamchk -r . . \data\PetCatal og\*.MYI 

After you enter this statement, you see output on the screen showing 
which tables are being checked. Wait for myi samchk to finish running. 

Start your MySQL server by typing the following; 

mysqladmin -u accountname -p start 

If your table still isn't working after you run this command, try running 
the myisamchk utility again by using the - o option instead of the - r 
option. The - o option is an older repair process that is much slower 
than the - r option, but it handles some cases that the - r option can't 
handle. 



Restoring from a backup copi^ 

If repairing your data doesn't return the database to working condition or if 
your database is completely unavailable, such as in the case of a computer fail- 
ure, you can replace your current database table(s) with the database stored 
in a backup copy. The backup copy contains a snapshot of the data as it was 
when the copy was made. Any changes to the database since the backup copy 
was made are not included; you have to re-create those changes manually. 
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Again, if you access MySQL through an IT department or through a Web hosting 
company, you need to ask the MySQL administrator to restore your database 
ckup. If you're the MySQL administrator, you can restore it yourself. 



describe in Chapter 4, you build a database by creating the database and 
then adding tables to the database. The backup that you create with the 
mysql dump utility is a file that contains all the SQL statements necessary to 
rebuild all the tables, but it does not contain the statements needed to create 
the database. 

Your database might not exist at all, or it could exist with one or more cor- 
rupted tables. You can restore the entire database or any single table. Follow 
these steps to restore a single table: 

1. If the table currently exists, delete the table with the following SQL 
query: 

DROP TABLE tablename 

where tab 1 ename is the table that you want to delete. 

2. Point your browser at mysql s end. php. 

For a description of mysql _s end. php, see Chapter 4. 

3. Copy the CREATE query for the table from the backup Hie into the 
form in the browser window. 

For instance, choose EditOCopy and EditOPaste. 

4. Type the name of the database in which you are restoring the table. 
The form shows where to type the database name. 

5. Click Submit. 

A new Web page shows the results of the query. 

6. Click New Query. 

7. Copy an I NSERT query for the table from the backup file into the form 
in the browser window. 

For instance, choose EditOCopy and EditOPaste. 

8. Type the name of the database in which you are restoring the table. 
The form shows where to type the database name. 

9. Click Submit. 

A new Web page shows the results of the query. 

10. Click New Query. 

11. Repeat Steps 7-10 until all the INSERT queries from the backup file 
have been sent. 
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If you have so many I NSERT queries for the table that sending them one by 
one would take forever — or if there are just a lot of tables — you can send 
eries in the backup file at once by following these steps: 



any of the tables in the backup file currently exist, delete them with 
the following SQL query: 

DROP TABLE tablename 

where tab 1 ename is the table that you want to delete. 

Change to the bi n subdirectory in the directory where MySQL is 
installed. 

On Linux/Unix/Mac: 

Type a cd command to change to the correct directory (for 
instance, type cd /usr/local/mysqi/bin). 

On Windows: 

a. Open a command prompt window. 

For instance, choose StartOProgramsOAccessoriesOCommand 
Prompt. 

b. Type a cd command to change to the correct directory (for 
instance, type cd c:\mysql\bin). 

Type the command that sends the SQL queries in the backup file. 

On Linux/Unix/Mac: 
Type 

nysql -u dccountname -p datdbdsendme < path/bdckupfi 1 ename 
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where accountname is an account that has create permission. If 
the account doesn't require a password, leave out the p. If you 
use the - p , you will be asked for the password, databasename is 
the existing database in which you want to build all the tables. Use 
the entire path and filename for the backup file. For instance, a 
command to restore the PetCatal og database might be 

nysql -u root -p PetCatalog < /usr/backupfiles/PetCatalog.bak 

On Windows: 

Type 

nysql -u accountname -p databasename < path\backupname 

where accountname is an account that has create permission. If 
the account doesn't require a password, leave out the p. If you 
use the - p , you will be asked for the password, databasename is 
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the existing database in which you want to build all the tables. Use 
the entire path and filename for the backup file. For instance, a 
command to restore the PetCatalog database might be 

nysql -u root -p PetCatalog < c:\mysql\bak\PetCatalog.bak 



The tables might take a short time to restore. Wait for the command to 
finish. If a problem occurs, an error message is displayed. If no problems 
occur, you see no output. When the command is finished, the prompt 
appears. 

To restore only selected tables from the backup file, make a file that contains 
only the queries for the selected tables that you want to restore. Then follow 
Steps 1-3 in the preceding list. In Step 3, type the path name or filename for 
the file with the subset of queries that you want instead of the full backup file. 

If the database is not there at all, you need to create it before you can use the 
queries in the backup file to rebuild all the tables. To restore the database 
when nothing exists, use the following steps: 



1. Add the following two lines to the top of the backup file: 

CREATE DATABASE databasename; 
use databasename; 

where databasename is the name of the database that you want to 



restore. For instance, the commands for 


the PetCatal og database are 


CREATE DATABASE PetCatalog; 
use PetCatalog; 






Note: Make sure that you add a semicolon ( ; ) at the end of each line. 



2. Change to the bi n subdirectory in the directory where MySQL is 
installed. 



On Linux/Unix/Mac: 

Type a cd command to change to the correct directory (for 
instance, type cd /usr/local/mysql/bin). 

On Windows: 

a. Open a command prompt window. 

For instance, choose StartOProgramsOAccessoriesOCommand 
Prompt. 

b. Type a cd command to change to the correct directory (for 
instance, type cd c:\mysql\bin). 
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3. Type the command that sends the SQL queries in the backup file. 

On Linux/Unix/Mac: 
Type this: 

mysql -u accountname -p < path/backupfi 1 ename 

where accountname is an account that has create permission. If 
the account doesn't require a password, leave out the p. If you 
use the p, you will be asked for the password. Use the entire path 
and filename for the backup file. For instance, a command to 
restore the database might be 

mysql -u root -p < /usr/backupf i 1 es/PetCatal og . bak 

On Windows: 

Type this: 

mysql -u accountname -p < path\backupfi 1 ename 

where accountname is an account that has create permission. If 
the account doesn't require a password, leave out the p. If you 
use the p, you will be asked for the password. Use the entire path 
and filename for the backup file. For instance, a command to 
restore the PetCatalog database might be 

mysql -u root -p < c:\mysql\bak\PetCatalog.bak 

The tables might take a short time to restore. Wait for the command to 
finish. If a problem occurs, an error message is displayed. If no problems 
occur, you see no output. When the command is finished, the prompt 
appears. 



Your database is now restored with all the data that was in it at the time the 
copy was made. If the data has changed since the copy was made, the changes 
are lost. For instance, if more data was added after the backup copy was made, 
the new data is not restored. If you know the changes that were made, you can 
make them manually in the restored database. 



DropBooks Part III 

PHP 



The 5th Wave B yRichTennant 




'"Yow database is beyond, tefaur; bub before I iell ipa 
oijr backup i^ecom-msvidation.let me sa^i you a 
quesbiDn . Hdvj tnany inde^c catds do you -Ehink will Hi 
on -tte walls cfipur compiftef trxm?" 



DropBooks 





In this part . . . 


#n this part, you find out how to use PHP for your Web 
44 database application. Here are some of the topics 
described: 




How to add PHP to HTML files 




What features PHP has that are useful for building 
a Web database application 




1^ How to use the PHP features 




i> How to use forms to collect information from users 




How to show information from a database in a Web 
page 




How to store data in 


a database 




How to move information from one Web page to 
the next 


You find out everything you need to know to write the 
PHP programs you need. 
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In This Chapter 

^ Adding PHP sections to HTML files 

^ Writing PHP statements 

^ Using PHP variables 

► Comparing values in PHP variables 

^ Documenting your programs 



JiA-ograms are the application part of your Web database application. 
W Programs perform the tasks. They create and display Web pages, accept 
and process information from users, store information in the database, get 
information out of the database, and perform any other necessary tasks. 

PHP, the language that you use to write your programs, is a scripting lan- 
guage designed specifically for use on the Web. It is your tool for creating 
dynamic Web pages. It has features designed to aid you in programming the 
tasks needed by dynamic Web applications. 

In this chapter, 1 describe the general rules for writing PHP programs — the 
rules that apply to all PHP statements. Consider these rules similar to general 
grammar and punctuation rules. In the remaining chapters in Part 111, you find 
out about specific PHP statements and features and how to write PHP pro- 
grams to perform specific tasks. 



Adding a PHP Section to an HTML Paqe 

PHP is a partner to HTML (HyperText Markup Language) that extends its abil- 
ities. It enables an HTML program to do things it can't do on its own. For 
example, HTML programs can display Web pages, and HTML has features 
that allow you to format those Web pages. HTML also allows you to display 
graphics in your Web pages and to play music files. But HTML alone does not 
allow you to interact with the person viewing the Web page. 
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he Web server processes PHP files 



When a browser is pointed to a regular HTML 
file with an .html or . htm extension, the Web 
server sends the file, as-is, to the browser. The 
browser processes the file and displays the 
Web page that is described by the HTMLtags in 
the file. When a browser is pointed to a PHP file 
(with a . php extension), the Web server looks 
for PHP sections in the file and processes them 
instead of just sending them as-is to the 
browser. The steps thatthe Web server uses to 
process a PHP file are as follows: 

1. The Web server starts scanning the file in 
HTML mode. It assumes thatthe statements 
are HTML and sends them to the browser 
without any processing. 

2. The Web server continues in HTML mode 
until it encounters a PHP opening tag 

«?php). 



When it encounters a PHP opening tag, the 
Web server switches into PHP mode. This 
is sometimes called escaping from HTML. 
The Web serverthen assumes that all state- 
ments are PHP statements and executes 
the PHP statements. If there is output, the 
output is sent by the server to the browser. 

The Web server continues in PHP mode 
until it encounters a PHP closing tag (?>). 

When the Web server encounters a PHP 
closing tag, it returns to HTML mode. It 
resumes scanning, and the cycle continues 
from Step 1. 



HTML is almost interactive. That is, HTML forms allow users to type informa- 
tion that the Web page is designed to collect; however, you can't access that 
information without using a language other than HTML. PHP processes form 
information, without requiring a separate program, and allows other interac- 
tive tasks as well. 

HTML tags are used to make PHP language statements part of HTML programs. 
The program file is named with a . p h p extension. Other extension(s) can be 
defined by the PHP administrator, such as .phtml, .php4,or .php5,but .php 
is the most common. So for this book, 1 will assume that . p h p is the extension 
for PHP programs. The PHP language statements are enclosed in PHP tags 
with the following form: 

<?php ?> 




Sometimes you can use a shorter version of the PHP tags. You can try using 
<? and ?> without the php. If short tags are enabled, you can save a little 
typing. 
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PHP processes all statements between the two PHP tags. After the PHP sec- 
tion is processed, it's discarded. Or, if the PHP statements produce output, 

ection is replaced by the output. The browser does not see the PHP 
only its output if there is any output. For more on this process, 
check out the sidebar, "How the Web server processes PHP files." 



As an example, I'll start with a program that displays Hello Worldlin the 
browser window. (It's sort of a tradition that the first program you write in 
any language is the Hello World program. You might have written a Hello 
World program when you first learned HTML.) Listing 6-1 shows an HTML 
program that displays Hello World! in a browser window. 



Listing 6-1: The Hello World HTML Program 



<html> 

<head><title>Hel lo World 
<body> 

<p>Hello World! 

</body> 

</htrnl> 


PrograrTi</title></head> 

4 




If you point your browser at this HTML program, you see a Web page that 
displays 


Hello World! 








in the browser window. 

1 

Listing 6-2 shows a PHP program t 
plays Hello World! in a browser 


hat does exactly the same thins 
window. 


; — it dis- 



Listing 6-2: The Hello World PHP Program 

<html> 

<head><title>Hel lo World Prograrn</ti tl e></head> 

<body> 

<?php 

echo "<p>Hello World!" 

?> 

</body> 
</htrnl> 



If you point your browser at this program, it displays exactly the same Web 
page as the HTML program in Listing 6-1. 




Don't look at the file directly with your browser. That is, don't choose 
FileOOpenOBrowse from your browser menu to navigate to the file and click 
it. You must point at the file by typing its URL, as 1 discuss in Chapter 2. If you 
see the PHP code displayed in the browser window instead of the output that 
you expect, you might not have pointed to the file by using its URL. 
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In this PHP program, the PHP section is 

"<p>Hello World!" 



The PHP tags enclose only one statement — an echo statement. The echo 
statement is a PHP statement that you will use frequently. It simply outputs 
the text between the double quotes. 



There is no rule that says you must enter the PHP on separate lines. You 
could just as well include the PHP in the file on a single line, like this: 



<?php echo "<p>Hello World!" ?> 



When the PHP section is processed, it is replaced with the output. In this 
case, the output is 

<p>Hello World! 

If you replace the PHP section in Listing 6-2 with the preceding output, the 
program now looks exactly like the HTML program in Listing 6-1. If you point 
your browser at either program, you see the same Web page. If you look at the 
source code that the browser sees (in the browser, choose ViewOSource), you 
see the same source code listing for both programs. 

■ 

Writirtq PHP Statements 

The PHP section that you add to your HTML file consists of a series of PHP 
statements. Each PHP statement is an instruction to PHP to do something. In 
the Hello World program shown in Listing 6-2, the PHP section contains only 
one simple PHP statement. The echo statement instructs PHP to output the 
text between the double quotes. 

PHP statements end with a semicolon (;). PHP does not notice white space 
or the end of lines. It continues reading a statement until it encounters a 
semicolon or the PHP closing tag, no matter how many lines the statement 
spans. Leaving out the semicolon is a common error, resulting in an error 
message that looks something like this: 

Parse error: expecting or in /hello. php on line 6 

Notice that the error message gives you the line number where it encoun- 
tered problems. This information helps you locate the error in your program. 
This error message probably means that the semicolon was omitted at the 
end of line 5. 
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I recommend writing your PHP programs with an editor that uses line num- 
bers. If your editor doesn't let you specify which line you want to go to, you 
fount the lines manually from the top of the file every time that you 
Jn error message. Many editors that are good for editing PHP are 
listed at phped i tors. linuxbackup. co.uk. 



oers. II yo 



Sometimes groups of statements are combined together into a block. A block 
is enclosed by curly braces ( { ) ). A block of statements execute together. A 
common use of a block is in a conditional block, in which statements are exe- 
cuted only when certain conditions are true. For instance, you might want 
your program to do the following: 

if (the sky is blue) 
{ 

put leash on dragon; 

take dragon for a walk in the park; 



These statements are enclosed in curly braces to ensure that they execute as 
a block. If the sky is blue, both put leash on dragon and take dragon 
for a walk in the pa rk are executed. If the sky is not blue, neither state- 
ment is executed (no leash; no walk). 

PHP statements that use blocks, such as i f statements (which 1 explain in 
Chapter 7), are complex statements. PHP reads the entire complex statement, 
not stopping at the first semicolon that it encounters. PHP knows to expect 
one or more blocks and looks for the ending curly brace of the last block in 
complex statements. Notice that there is a semicolon before the ending 
brace. This semicolon is required, but no semicolon is required after the 
ending curly brace. 

If you wanted to, you could write the entire PHP section in one long line, as 
long as you separated statements with semicolons and enclosed blocks with 
curly braces. However, a program written this way would be impossible for 
people to read. Therefore, you should put statements on separate lines, 
except for occasional, really short statements. 

Notice that the statements inside the block are indented. Indenting is not nec- 
essary for PHP. Indenting is strictly for readability. You should indent the 
statements in a block so that people reading the script can tell more easily 
where a block begins and ends. 

In general, PHP doesn't care whether the statement keywords are in upper- or 
lowercase. Echo, echo, ECHO, and eCHo are all the same to PHP. 
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rror messages and warnings 



nes^o "Den^ful when problems arise. 
It provides error messages and warnings as 
follows: 

i/* Error message: You receive this message 
when the program has a problem that pre- 
vents it from running. The message con- 
tains as much information as possible to 
help you identify the problem. A common 
error message is 

Parse error: parse error in 
c:\catalog\test.php on 
line 6 

Often, you receive this error message 
because you've forgotten a semicolon, a 
parenthesis, or a curly brace. 

\/* Warning message: You receive this mes- 
sage when the program sees a problem but 
the problem is not serious enough to pre- 
vent the program from running. Warning 
messages do not mean that the program 
can't run; the program does continue to run. 
Rather, warning messages tell you that PHP 
believes that something is probably wrong. 
You should identify the source of the warn- 
ing and then decide whether it needs to be 
fixed. It usually does. 

\/* Notice: You receive a notice when PHP 
sees a condition that might be an error or 
might be perfectly okay. Notices, like warn- 
ings, do not cause the scriptto stop running. 
Notices are much less likely to indicate 
serious problems than warnings. Notices 
just tell you that you are doing something 
unusual and to take a second look at what 
you're doing to be sure that you really want 
to do it. 



One common reason why you might receive 
a notice is if you're echoing variables that 
don't exist. Here's an example of what you 
might see in that instance: 

Notice: Undefined variable: age 
in testing. php on line 9 

Notice that all types of messages indicate the 
filename causing the problem and the line 
number where the problem was encountered. 

PHP has several kinds of error and warning mes- 
sages. Which kinds are sent depends on the 
error message level that PHP is set to. You do 
wantto see all the error messages, butyou might 
not want to see all the warnings and notices. 
Often the only problem with a notice is the 
unsightly message; the code does exactly what 
you want it to do. Or, you might want notices dis- 
played during development but not after the 
application is being used by customers. 

To change the error message level for your Web 
site to show more orfewer messages, you must 
be the PHP administrator Editthe php . i ni file 
on your system. It contains a section that 
explains the error message levels and how to 
set them. Change the line that sets your error 
message level and then save the edited 
php . i ni file. fl/ofe;You might need to restart 
your Web server before the changes in the PHP 
configuration file take effect. 

If you are not the PHP administrator for your 
system and don't have access to php . i ni,you 
can add a statement to any program that sets 
the error reporting level for that program only. 
To set the error level, add the following state- 
ment at the beginning of the program: 
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To see all errors except notices, use the 
following: 

error_reporti ng ( E_ALL & 
~E_NOTICE) ; 

OPTIONS can be any of the codes described in 
the php . i ni file. 



U$in0 PHP Variables 

Variables are containers used to hold information. A variable has a name, and 
information is stored in the variable. For instance, you might name a variable 
$a ge and store the number 12 in it. After information is stored in a variable, it 
can be used later in the program. One of the most common uses for variables 
is to hold the information that a user types into a form. 



Naming^ a i/ariabte 

When you're naming a variable, keep the following rules in mind: 

All variable names have a dollar sign ($) in front of them. This tells PHP 
that it is a variable name. 

1^ Variable names can be any length. 

Variable names can include letters, numbers, and underscores only. 

Variable names must begin with a letter or an underscore. They cannot 
begin with a number. 

1^ Uppercase and lowercase letters are not the same. For example, 
$firstname and SFirstname are not the same variable. If you store 
information in $f i rstname, you can't access that information by using 
the variable name SfirstName. 

When you name variables, use names that make it clear what information is 
in the variable. Using variable names like $varl, $var2, $A,or $B does not 
contribute to the clarity of the program. Although PHP doesn't care what you 
name the variable and won't get mixed up, people trying to follow the pro- 
gram will have a hard time keeping track of which variable holds what infor- 
mation. Variable names like $f i rstName, Sage, and SorderTotal are much 
more descriptive and helpful. 



error_reporti ngCOPr/O/VS) ; 

^fl^r^^ll^cQ that tells PHP what error 
repoTffn^Bvel to iTSe. To see all errors, use the 
following: 

error_reporti ng( E_ALL) ; 
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Creating and assi^ninq Uatues to Uariabtes 



can hold either numbers or strings of characters. You store infor- 
variables by using a single equal sign (=). For instance, the follow- 
ing four PHP statements assign information to variables: 

$age = 12; 
$price = 2.55; 
$number=-2 ; 

Sname = "Goliath Smith"; 

Notice that the character string is enclosed in quotes but the numbers are 
not. Details about using numbers and characters are described later in this 
chapter. (See "Working with Numbers" and "Working with Character Strings.") 

You can now use any of these variable names in an e c h o statement to see the 
value in that variable. For instance, if you use the following PHP statement in 
a PHP section: 



echo $age; 






the output is 1 2. If you include the following line in an HTML file: 




<p>Your age is <?php echo 


$age ?>. 






the output on the Web page is 








Your age is 12. 






Whenever you put information into a variable that did not exist before. 



you create that variable. For instance, suppose you use the following PHP 
statement: 

Sfirstname = "George"; 

If this statement is the first time that you've mentioned the variable 
$f i rstname, this statement creates the variable and sets it to "George". If 
you have a previous statement setting $fi rstname to "Mary", this statement 
changes the value of $f i rstname to "George". 

You can also remove information from a variable. For example, the following 
statement takes information out of the variable Sage: 

$age = " " ; 

The variable $age exists but does not contain a value. It does not mean that 
Sage is set to 0 because zero is a value. It means that $age does not store 
any information at all. 
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You can go even further and uncreate the variable by using this statement: 

4$age ) ; 

IS statement is executed, the variable $a ge no longer exists. 



A variable keeps its information for the whole program, not just for a single 
PHP section. If a variable is set to "yes " at the beginning of a file, it will still 
hold "y es " at the end of the page. For instance, suppose your file has the fol- 
lowing statements: 



<p>Hello World! 


<?php 


Sage = 15; 


Sname = "Harry" ; 




?> 




<br>Hello World again!<br> 






<?php 






echo Sname; 


\ 




?> 







The echo statement in the second PHP section will display H a r ry . The Web 
page resulting from these statements is 

Hello World! 

Hel 1 0 Worl d agai n ! 

Harry 

I 



Dealing u/ith notices 



If you use a statement that includes a variable that does not exist, you might get 
a notice. It depends on the error message level that PHP is set to. Remember 
that notices aren't the same as error messages; notices don't mean the program 
can't run — the program does continues to run. Notices just tell you that you're 
doing something unusual and to take a second look at what you're doing to be 
sure that you really want to do it. (See the sidebar, "Error messages and warn- 
ings.") For instance, suppose you use the following statements: 

unset($age) ; 
echo $age; 
$age2 = $age; 

You might see two notices: one for the second statement and one for the 
third statement. The notices will look something like this: 



Notice: Undefined variable: age in testing. php on line 9 
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the notice 



Suppose that you definitely want to use these statements. The program 
works exactly the way you want it to. The only problems are the unsightly 

^ou can prevent notices within a program by inserting an at sign (@) 
int where the notice would be issued. For instance, you can prevent 
the notices generated by the preceding statements if you change the state- 
ments to this: 



unset($age) ; 
echo @$age; 
$age2 = @$age; 

If you are the PHP administrator, you can change the error message level so 
that notices are not displayed. For details on how to do this, check out the 
sidebar, "Error messages and warnings," elsewhere in this chapter 



U$m0 PHP Constants 

PHP constants are very similar to variables. Constants are given a name, and 
a value is stored in them. However, constants are constant; that is, they can't 
be changed by the program. After you set the value for a constant, it stays 
the same. If you used a constant for age and set it to 29, it can't be changed. 
Wouldn't that be nice — 29 forever? 

Constants are used when information is used several places in the program 
and doesn't change during the program. It's useful to set a constant for the 
value at the beginning of the program and use it throughout the program. By 
making it a constant instead of a variable, you make sure that it won't get 
changed accidentally. By giving it a name, you know what the information is 
instantly. And by setting a constant once at the start of the program (instead 
of using the value throughout the program), you can change the value in one 
place if it needs changing instead of hunting for it in many places in the pro- 
gram to change it. 

For instance, you might set a constant that's the company name and a constant 
that's the company address and use them wherever needed. Then, if the com- 
pany moved, you could just change the value in the company address at the 
start of the program instead of having to find every place in your program that 
echoed the company name to change it. 

Constants are set by using the define statement. The format is 

def i ne( " constantname" , " constantva 1 ue" ) ; 
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For instance, to set a constant with the company name, use the following 
statement: 



ipBooks 



I ("COMPANY" , "ABC Pet Store") ; 

Now use the constant in your program wherever you need your company 
name: 

echo COMPANY; 

When you echo a constant, you can't enclose it in quotes. If you do, it will 
echo the constant name, instead of the value. You can echo it without any- 
thing, as shown in the preceding example, or enclosed with parentheses. 

You can use any name for a constant that you can use for a variable, but con- 
stant names do not begin with a dollar sign ($). By convention, constants are 
given names that are all uppercase, so you can see easily that they're con- 
stants. However, PHP itself doesn't care what you name a constant. You can 
store either a string or a number in it. The following statement is perfectly 
okay with PHP: 

define ("AGE", 29); ■ 



Just don't expect Mother Nature to believe it. 



n 

Working u/itfi Numbers 

PHP allows you to do arithmetic operations on numbers. You indicate arith- 
metic operations with two numbers and an arithmetic operator. For instance, 
one operator is the plus (+) sign, so you can indicate an arithmetic operation 
like this: 



1 + 2 



You can also perform arithmetic operations with variables that contain num- 
bers, as follows: 



$nl = 1; 
$n2 = 2; 

Ssum = $nl + $n2; 



Table 6-1 shows the arithmetic operators that you can use. 



Table 6-1 


Arithmetic Operators 




Description 






Add two numbers together. 


Subtract the second numberfrom the first number. 


* 


Multiply two numbers together. 


/ 


Divide the first number by the second number. 


% 


Find the remainder when the first number is divided by 




the second number. This is called modulus. For instance. 




in $a = 13 % 4, $a issetto 1. 



You can do several arithmetic operations at once. For instance, the following 
statement performs three operations: 

$result =1+2*4+1; f 

The order in which the arithmetic is performed is important. You can get dif- 
ferent results depending on which operation is performed first. PHP does 
multiplication and division first, followed by addition and subtraction. If 



other considerations 
preceding statement 


are equal, PHP goes from left to right. Consequently, the 
sets $ r e s u 1 1 to 1 0 , in the following order: 


Sresult =1+2*44 
Sresult =1+8+1 
Sresult =9+1 
Iresult = 10 


- 1 (first, 
(next, i 
(next, i 


it does the 
t does the 1 
t does the r 


multiplication) 
eftmost addition) 
emaining addition) 





You can change the order in which the arithmetic is performed by using 
parentheses. The arithmetic inside the parentheses is performed first. For 
instance, you can write the previous statement with parentheses like this: 



Sresult = (1 + 2) * 4 + 1; 



This statement sets $resulttol3, in the following order: 



Sresu" 


It = 


(1 + 2) * 4 + 1 


(first, it does the math in the parentheses) 


Sresu" 


It = 


3*4 + 1 


(next, it does the multiplication) 


$resu" 


It = 


12 + 1 


(next, it does the addition) 


Iresu" 


It = 


13 





On the better-safe-than-sorry principle, it's best to use parentheses whenever 
more than one answer is possible. 



Often, the numbers that you work with are dollar amounts, such as product 
prices. You want your customers to see prices in the proper format on Web 
pages. In other words, dollar amounts should always have two decimal 
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places. However, PHP stores and displays numbers in the most efficient 
format. If the number is 10.00, it is displayed as 1 0. To put numbers into the 
rmat for dollars, you can use spri ntf. The following statement for- 
mber into a dollar amount: 



inewvari abl ename = spri ntf ( "%01 . 2f" , %ol dvari abl ename) ; 

This statement reformats the number in $oldvari abl ename and stores it in 
the new format in inewvari ab 1 ename. For example, the following statements 
display money in the correct format: 



$price = 25; 

$f_price = spri ntf ( "%01 . 2f" , Spri ce ) ; 
echo " $f_pri ce<br>" ; 



You see the following on the Web page: 



25.00 



spri ntf can do more than format decimal places. For more information on 
using spri ntf to format values, see Chapter 13. 

If you want commas to separate thousands in your number, you can use 
nurTiber_f ormat. The following statement creates a dollar format with 
commas: 



Sprice = 25000; 

$f_price = nurTiber_f ormat ( $pri ce , 2 ) ; 
echo " $f_pri ce<br>" ; 



You see the following on the Web page: 



25,000.00 



The 2 in the nurriber_f ormat statement sets the format to two decimal 
places. You can use any number to get any number of decimal places. 



Working u/ith Character Strings 

A character string is a series of characters. Characters are letters, numbers, 
and punctuation. When a number is used as a character, it is just a stored 
character, the same as a letter. It can't be used in arithmetic. For instance, a 
phone number is stored as a character string because it only needs to be 
stored — not added or multiplied. 

When you store a character string in a variable, you tell PHP where the string 
begins and ends by using double quotes or single quotes. For instance, the 
following two statements are the same. 
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$string = "Hello World!"; 
* ■ ■ g = 'Hello World! ' ; 

that you wanted to store a string as follows: 

$string = 'It is Tom's house'; 
echo $string; 




These statements won't work because when PHP sees the ' (single quote) 
after Tom, it thinks that this is the end of the string and displays the following: 



It is Tom 



You need to tell PHP to interpret the single quote (') as an apostrophe 
instead of the end of the string. You can do this by using a backslash (\) in 
front of the single quote. The backslash tells PHP that the single quote does 
not have any special meaning; it's just an apostrophe. This is escaping the 
character. Use the following statements to display the entire string: 




Sstring = 'It is Tom\'s house'; 
echo Sstring; 

Similarly, when you enclose a string in double quotes, you must also use a 
backslash in front of any double quotes in the string. 



Sinqte-Huoted strings i/ersus 
doubte'(luoted strings 

Single-quoted and double-quoted strings are handled differently. Single- 
quoted strings are stored literally, with the exception of \ ' , which is stored 
as an apostrophe. In double-quoted strings, variables and some special char- 
acters are evaluated before the string is stored. Here are the most important 
differences in the use of double or single quotes when writing programs: 



Handling variables: If you enclose a variable in double quotes, PHP uses 
the value of the variable. However, if you enclose a variable in single 
quotes, PHP uses the literal variable name. For example, if you use the 
following statements: 

$age = 12; 
$resultl = "Sage"; 
$resul t2 = ' $age ' ; 
echo Sresultl; 
echo "<br>"; 
echo $result2; 
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the output is 

12 

ige 



:arting a new line: The special characters \ n tell PHP to start a new 
line. When you use double quotes, PHP starts a new line at \n, but with 
single quotes, \n is a literal string. For instance, when using the follow- 
ing statements: 



$stringl = 


"String in 


\ndoubl e 


quotes" ; 


$string2 = 


'String in 


\ n s i n g 1 e 


quotes ' ; 



s t r i n g 1 outputs as 

String in 
double quotes 

and s t r i n g 2 outputs as 

String in \nsingle quotes 

Inserting a tab: The special characters \t tell PHP to insert a tab. When 
you use double quotes, PHP inserts a tab at \t, but with single quotes, 
\t is a literal string. For instance, when using the following statements: 



$stringl = 


"String in 


\tdoubl e 


quotes" ; 


$string2 = 


'String in 


\tsi ngl e 


quotes ' ; 



s t r i n g 1 outputs as 

String in double quotes 
and stri ng2 outputs as 

String in \tsingle quotes 



The quotes that enclose the entire string determine the treatment of variables 
and special characters, even if there are other sets of quotes inside the string. 
For example, look at the following statements: 

Snumber = 10; 

$stringl = "There are '$number' people in line."; 
$string2 = 'There are "Snumber" people waiting.'; 
echo $stri ngl , "<br>\n" ; 
echo $string2; 



The output is as follows: 



There are '10' people in line. 
There are "$number" people waiting. 
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Joining strings 



oin strings, a process called concatenation, by using a dot (.)• For 
you can join strings with the following statements: 



$stri ngl = ' Hel 1 o ' ; 
$string2 = 'World! ' ; 
$stringall = $stri ngl . $stri ng2 ; 
echo $stri ngal 1 ; 

The echo statement outputs 

Hel 1 oWorld! 

Notice that no space appears between Hello and Worl d. That's because no 
spaces are included in the two strings that are joined. You can add a space 
between the words by using the following concatenation statement rather 
than the earlier statement: 



$stringall = $stringl." ". 


$stri ng2 ; 






You can use . = to add characters to an existing string. For examp 
use the following statements in place of the preceding statements 


le, you can 


$stringall = "He 
Sstringall .= " 
echo $stri ngal 1 ; 


llo"; 
World!"; 








The echo statement outputs this: 







Hello World! 

You can also take strings apart. You can separate them at a given character 
or look for a substring in a string. You use functions to perform these and 
other operations on a string. 1 explain functions in Chapter 7. 



Working u/ith Dates and Times 

Dates and times can be important elements in a Web database application. PHP 
has the ability to recognize dates and times and handle them differently than 
plain character strings. Dates and times are stored by the computer in a format 
called a timestamp. However, this is not a format in which you or 1 would want 
to see the date. PHP converts dates from your notation into a timestamp that 
the computer understands and from a timestamp into a format that is familiar 
to people. PHP handles dates and times by using built-in functions. 
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The timestamp format is a Unix Timestamp, which is an integer that is the 
number of seconds from January 1, 1970 00:00:00 GMT (Greenwich Mean Time) 
e represented by the timestamp. This format makes it easy to calcu- 
(me between two dates — just subtract one timestamp from the other 



Formatting a date 

The function that you will use most often is date, date converts a date or 
time from the timestamp format into a format that you specify. The general 
format is 



Smydate = dateC 


format" , $ti mestamp) ; 






$ti' mestamp is a variable with a timestamp stored in it. You previously stored 
the timestamp in the variable, using a PHP function as I describe later in this 
section. If Stimestamp is not included, the current time is obtained from the 
operating system and used. Thus, you can get today's date with the following 
statement: 


$today = dateC'Y/m/d"); 






If today is August 10, 


2003, this statements returns 




2003/08/10 











The format is a string that specifies the date format that you want stored in the 
variable. For instance, the format "yy-m d" returns 03-8-10, and "M . d .yyyy " 
returns Aug. 10.2003. Table 6-2 lists some of the symbols that you can use in 
the format string. (For a complete list of symbols, see the documentation at 
www .php.net.) The parts of the date can be separated by hyphens ( ), dots 
(.), forward slashes (/), or spaces. 



Table 6-2 


Date Format Symbols 




Symbol 


Meaning 


Example 


M 


Month in text, abbreviated 


Jan 


F 


Month in text not abbreviated 


January 


m 


Month in numbers with leading zeros 


02, 12 


n 


Month in numbers without leading zeros 


1,12 


d 


Day of the month; two digits with leading zeros 


01, 14 



(continued) 
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Table 6-2 (continued) 



DropBo 





Meaning 






Example 


Jrvo 

J 


Day of the month without leading zeros 


3, 30 


1 


Day of the weel< in text not abbreviated 


Friday 


D 


Day of the weel< in text as an abbreviation 


Fri 




w 


Day of the week in numbers 


From 0 

(Sunday) to 6 
(Saturday) 


Y 


Year in four digits 




2002 


y 


Year in two digits 






02 




g 


Hour between 0 and 12 without leading zeros 


2,11 


D 


G 


Hour between 0 and 24 without leading zeros 


2,1! 


5 


h 


Hour between 0 and 12 with leading zeros 


01, 


10 


H 


Hour between 0 and 24 with leading zeros 


00, 


23 


i 


Minutes 






00,! 


59 


s 


Seconds 




00,! 


59 


a 


am or pm in lowercase 


am. 


pm 


A 


AM or PM in upp 


ercase 


AM 


, PM 











Storing a timestamp in a (/ariable 

You can assign a timestamp with the current date and time to a variable with 
the following statements: 

$today = timeC ) ; 
Another way to store a current timestamp is with the statement 

$today = strtotimeC "today" ) ; 

You can store specific timestamps by using strtotime with various key- 
words and abbreviations that are very much like English. For instance, you 
can create a timestamp for January 15, 2003, as follows: 

SimportantDate = strtotimeC "January 15 2003"); 
strtotime recognizes the following words and abbreviations : 
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I am. D 



\^ Month names: Twelve month names and abbreviations 
Days of the week: Seven days and some abbreviations 

units: Year, month, fortnight, week, day, hour, minute, second. 



am, pm 

Some usehil EngUsh words: ago, now, last, next, this, tomorrow, yesterday 
Plus and minus: + or 
\^ All numbers 

Time zones: For example, gmt (Greenwich Mean Time), pdt (Pacific 
Daylight Time), and a kst (Alaska Standard Time) 

You can combine the words and abbreviations in a wide variety of ways. The 



following statements are all valid: 




SimportantDate = 
SimportantDate = 
SimportantDate = 
SimportantDate = 
SimportantDate = 
SimportantDate = 
SimportantDate = 


strtotime( "tomorrow" ) ; #24 hours 
strtotime( "now + 24 hours"); 
strtotime( "1 ast Saturday"); 
strtotime( "8pm + 3 days"); 
strtotime("2 weeks ago"); # at curr 
strtotime( "next year gmt"); #1 year 
strtoti me( "thi s 4am"); # 4 AM tc 


from now 

ent time 

from now 
day 


If you wanted to know how long a 
tract it from S tod ay. For instance 


go Si mportantDate was, you could sub- 


StimeSpan = Stod 


ay - Simp 


0 


rtantDate 






This gives you the number of seconds between the important date and today. 
Or use the statement 



StimeSpan =((Stoday - Si mportantDate ) /60 ) /60 
to find out the number of hours since the important date. 



Uslnq dates With Mt^SQL 

Often you want to store a date in your MySQL database. For instance, you 
might want to store the date when a customer made an order or the time 
when a member logged in. MySQL also recognizes dates and times and han- 
dles them differently than plain character strings. However, MySQL handles 
them differently than PHP. In order to use dates and times in your applica- 
tion, you need to understand both how PHP handles dates (which 1 describe 
in the previous few sections) and how MySQL handles dates. 

I discuss the DATE and DATETIME data types for MySQL in detail in Chapter 3. 
The following is a summary. 
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DATE: MySQL date columns expect dates with the year first, the month 
second, and the day last. The year can be yyyy or yy. The month can be 



r m. The day can be dd or d. The parts of the date can be separated 
hyphen ( ), a forward slash (/), a dot (.), or a space. 



DAT ET I ME: MySQL datetime columns expect both the date and the time. 
The date is formatted as 1 describe in the preceding bullet. The date is 
followed by the time in the format h h : mm : s s . 



Dates and times must be formatted in the correct MySQL format to store 
them in your database. PHP functions can be used for formatting. For 
instance, you can format today's date into a MySQL format with this 
statement: 

$today = date( "Y-m-d" ) ; 
You can format a specific date by using the statement 

SimportantDate = date( " Y .m . d" , strtoti me( " Jan 15 2003")); 
You can then store the formatted date in a database with an SQL query like this: 

UPDATE Member SET createDate=" $today " 



Comparing Values ■ 

In programs, you often use conditional statements. That is, if something is 
true, your program does one thing, but if something is not true, your program 
does something different. Here are two examples of conditional statements: 

if user is a child 

show toy catalog 

if user is not a child 

show electronics catalog 

In order to know which conditions exist, the program must ask questions. 
Your program then performs tasks based on the answers. Some questions 
(conditions) that you might want to ask — and the actions that you might 
want taken — are 

*^ Is the customer a child? If so, display a toy catalog. 

Which product has more sales? Display the most popular one first. 

Did the customer enter the correct password? If so, display the 
Members Only Web page. 

Does the customer live in Ohio? If so, display the map to the Ohio store 
location. 
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To ask a question in a program, you form a statement that compares values. 
The program tests the statement and determines whether the statement is 
Ise. For instance, you can state the preceding questions as 



customer is less than 13 years of age. True or false? If true, display 
the toy catalog. 

V Product 1 sales are higher than Product 2 sales. True or false? If true, 
display Product 1 first; if false, display Product 2 first. 

The customer's password is secret. True or false? If true, show the 
Members Only Web page. 

1^ The customer lives in Ohio. True or false? If true, display a map to the 
Ohio store location. 



Comparisons can be quite simple. For instance, is the first value larger than 
the second value? Or smaller? Or equal to? But sometimes you need to look at 
character strings to see whether they have certain characteristics instead of 
looking at their exact values. For instance, you might want to identify strings 
that begin with S or strings that look like phone numbers. For this type of com- 
parison, you compare a string to a pattern, which I describe in the section 
"Matching character strings to patterns," later in this chapter 



Making simple comparisons 

Simple comparisons compare one value to another value. PHP offers several 
ways to compare values. Table 6-3 shows the comparisons that are available. 



Table 6-3 


Comparing Values 


Comparison 


Description 


Are the two values equal? 


> 


Is the first value larger than the second value? 


>= 


Is the first value larger than or equal to the second value? 


< 


Is the first value smaller than the second value? 


<= 


Is the first value smaller than or equal to the second value? 


! = Are the two values not equal to each other? 


<> 


Are the two values not equal to each other? 
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You can compare both numbers and strings. Strings are compared alphabeti- 
cally, with all uppercase characters coming before any lowercase characters. 
,nce, 55 comes before Sa. Characters that are punctuation also have 
and one character can be found to be larger than another character. 
However, comparing a comma to a period doesn't have much practical value. 




^^pA.sr^ Strings are compared based on their ASCII (American Standard Code for 
^^''^^X Information Interchange) code. In the ASCII character set, each character 
is assigned an ASCII code that corresponds to a decimal number between 0 
and 127. When strings are compared, they are compared based on this code. 
For instance, the number that represents the comma is 44. The period corre- 
sponds to 46. Therefore, if a period and a comma are compared, the period is 
seen as larger. 

Comparisons are often used to execute statements only under certain condi- 
tions. For instance, in the following example, the block of statements is only 
executed when the comparison Sweat her == "rai ni ng" is true: 

if ( Sweather == "raining" ) 

{ 

put up umbrella; 
cancel picnic; 



PHP checks the variable Sweatherto see whether it is equal to " r a i n i n g " . If 
it is , PHP executes the two statements. If Sweather is not equal to "raining", 
PHP does not execute the two statements. 

^xttNG.' The comparison sign is two equal signs (==). One of the most common mis- 

takes is to use a single equal sign for a comparison. A single equal sign puts the 
value into the variable. Thus, a statement like i f (Sweather = "raining") 
would set Sweather to rai ni ng rather than check whether it already equaled 
raining and would thus always be true. 

For example, here's a solution to the programming problem presented at the 
beginning of this section. The problem is 

if user is a child 

show toy catalog 

if user is not a child 

show electronics catalog 

To determine whether a customer is an adult, you compare the customer's 
age with the age when the customer is considered to be an adult. You need to 
decide at what age a customer would stop being interested in toy catalogs and 
start being more interested in electronic catalogs. Suppose you decide that 13 
seems like the right age. You then ask whether the customer is younger than 
13 by comparing the customer's age to 13. If the age is less than 13, show the 
toy catalog; if the age is 13 or over, show the electronics catalog. These com- 
parisons would have the following format: 
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$age < 13 


(is 


the 


customer ' s 


age less than 13?) 


$|ge >= 13 


(is 


the 


customer ' s 


age greater than or equal to 13?) 



to program the conditional actions is to use the following statements: 



if ($age < 13) 

$status = "child"; 
if ($age >= 13) 

Sstatus = "adult"; 

These statements instruct PHP to compare the customer's age to 13. In the 
first statement, if the customer's age is less than 13, the customer's status is 
set to " c h i 1 d " . In the second statement, if the customer's age is equal to 13 
or greater than 13, the customer's status is set to "adult". You then show 
the toy catalog to customers whose status is child and show the electronic 
catalog to those whose status is adult. Although you can write these i f 
statements in a more efficient way, the statements shown will work. A full 
description of conditional statements is provided in Chapter 7. 



Matching character strings to patterns 

Sometimes you need to compare character strings to see whether they fit 
certain characteristics rather than whether they match exact values. For 
instance, you might want to identify strings that begin with S or strings that 
have numbers in them. For this type of comparison, you compare the string 
to a pattern. These patterns are regular expressions. 

You've probably used some form of pattern matching in the past. For 
instance, when you use an asterisk (*) as a wildcard when searching for files 
(di r s* . doc or 1 s s* . txt), you are pattern matching. For instance, c* . txt 
is a pattern. Any string that begins with a c and ends with the string .txt, 
with any characters in between the c and the . txt, matches the pattern. The 
strings cow . txt, c3333 . txt, and c3c4 . txt all match the pattern. Using reg- 
ular expressions is just a more complicated variation of using wildcards. 

The most common use for pattern matching on Web pages is to check the 
input from a form. If the information doesn't make sense, it's probably not 
something that you want to store in your database. For instance, if the user 
types a name into a form, you can check whether it seems like a real name 
by matching patterns. You know that a name consists mainly of letters and 
spaces. Other valid characters might be a hyphen ( ) — for example, in the 
name Smith-Kline — and a single quote (' ) — for example, O'Hara. You can 
check the name by setting up a pattern that's a string containing only letters, 
spaces, hyphens, and single quotes and then matching the name to the pat- 
tern. If the name doesn't match — that is, if it contains characters not in the 
pattern, such as numerals or a question mark (?) — it's not a real name. 
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Patterns consist of literal characters and special characters. Literal characters 
are normal characters, with no other special meaning. A c is a c with no 

other than it's one of the 26 letters in the English alphabet. Special 
s have special meaning in the pattern, such as the asterisk (*) when 
used as a wildcard. Table 6-4 shows the special characters used in patterns. 



Table 6-4 Special Characters Used in Patterns 



Character 


Meaning 




Example 


Match 


Not a 
Match 






A 


Beginning 
of line. 




cat 1 


my cat 


$ 


End of line. 


c$ 


tic ; 


stick 


Any single 
character. 


Any string i 
that contains 
at least two 
characters 


a, 1 




Preceding 
character is 
optional. 


mea?n 


mean, men i 


moan 


( ) 


Groups literal 
characters into 
a string that must 
be matched exactly. 




rTi(ea)n 


mean i 


men, mn 


[ ] 


Encloses a set 
of optional literal 
characters. 




m[ea] n 


men, man i 


mean, mn 




Represents all 
the characters 
between two 


rn[a-c]n 


man, mbn, i 
men 1 


mdn, mun, 
maan 




characters. 








+ 


One or more of 
the preceding 
items. 


door[l-3]+ doorlll, i 
doorlSI 1 


door, 
doorSS 


* 


Zero or more of 
the preceding 
items. 


door[l-3]* door, i 
doorSII 1 


door4, 
door445 
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^ 1 — — 


Meaning 


Example 


Match 


Not a 
Match 


)ks 


The starting and 
ending number 
of a range of 
repetitions. 


a{2,5) 


aa, aaaaa 


a, xx3 


\ 


The following 
character is 


m\*n 


m*n 


men, mean 




literal. 








( 1 1 ) 


A set of alter- 
nate strings. 


(Torn Torrnny ) 


Tom, Tommy 


Thomas, To 



Literal and special characters are combined to make patterns, which are 
sometimes long, complicated patterns. A string is compared to the pattern, 
and if it matches, the comparison is true. Some example patterns follow with 
a breakdown of the pattern and some sample matching and nonmatching 
strings: 

" [ A Z ] . * — Strings that begin with an uppercase letter 

• " [ A - Z ] — Uppercase letter at the beginning of the string 

• . * — A string of characters that is one or more characters long 
Strings that match: 

• Play it again, Sam ' 

• 1 

Strings that do not match: 

• play it again, Sam 
' • i 

1^ Dear (son | daughter) — Two alternate strings 

• Dear — Literal characters 

• (son I daughter ) — Either son or daughter 
Strings that match: 

• Dear son 

• My Dear daughter 
Strings that do not match: 

• Dear Goliath 

• son 



Part III: PHP 



I W '^[0-9]{5) (\-[0-9]{4) )?$ — AnyZIPcode 
I •''[0-9]{5) — Any string of five numbers 
DDOOKS \ -Aliteral 

• [0-9]{4) — A string of numbers tfiat is four characters long 



• ( ) ? — Groups tfie last two parts of the pattern and makes them 
optional 

Strings that match: 

• 90001 

• 90002-4323 
Strings that do not match: 

• 9001 

• 12-4321 

^'''.+@.+\.corTi$ — Any string with @ embedded that ends in . com 

• . + — Any string of one or more characters at the beginning. 

• @ — A literal @ (at sign). @ is not a special character. 

• . + — Any string of one or more characters. 

• \ . — A literal dot. 

• comS — A literal string com at the end of the string. 
Strings that match: | 

• mary@hercompany.com 
Strings that do not match: 

• mary@hercompany.net 

• @mary.com 

You can compare a string to a pattern by using ereg. The general format is 

^T&qV' pattern" , string); 
Either pattern or string can be a literal as follows: 

ereg("[0-9]*","1234"); 
or can be stored in variables, as follows: 

ereg($pattern,$string); 
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To use e r e g to check the name that a user typed in a form, compare the 
name to a pattern as follows: 



[A-Za-z' -]+$", Sname) 

The pattern in this statement does the following: 

Uses " and $ to signify the beginning and end of the string. That means 
that all the characters in the string must match the pattern. 

Encloses all the literal characters that are allowed in the string in [ ] . No 
other characters are allowed. The allowed characters are uppercase and 
lowercase letters, an apostrophe ('), a blank space, and a hyphen ( ). 

You can specify a range of characters using a hyphen within the [ ] . 
When you do that, as in A - Z above, the hyphen does not represent a lit- 
eral character Because you want the hyphen included as a literal char- 
acter that is allowed in your string, you need to add a hyphen that is not 
between any two other characters. In this case, the hyphen is included 
at the end of the list of literal characters. 

V Follows the list of literal characters in the [ ] with a +. The plus sign 
means that the string can contain any number of the characters inside 
the [ ] but must contain at least one character. 



Joining CompaYisons vOith andlorlxoY 

Sometimes one comparison is sufficient to check for a condition, but often, 
you need to ask more than one question. For instance, suppose that your com- 
pany offers catalogs for different products in different languages. You need to 
know which product the customer wants to see and which language he or she 
needs to see it in. This is the general format for a series of comparisons: 

comparison and|or|xor comparison and|or|xor comparison and|or|xor ... 
Comparisons are connected by one of the three following words: 

1;^ and: Both comparisons are true. 
or: One of the comparisons or both of the comparisons are true. 
xor: One of the comparisons is true but not both of the comparisons. 

Table 6-5 shows some examples of multiple comparisons. 
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Table 6-5 




Multiple Comparisons 






Is True If 


Scustomer == 
or $customer 


"Smi th" 
== "Jones" 


The customer is named either Smith or 
Jones. 


Scustomer == 
$custState == 


"Smith" and 
= "0R" 


The customer is named Smith, andihe 
customer lives in Oregon. 


$customer == 
$custState == 


"Smith" or 
= "OR" 


The customer is named Smith, orthe 
customer lives in Oregon or both. 


$customer == 
$custState == 


"Smith" xor 
= "OR" 


The customer is named Smith, orthe 
customer lives in Oregon — but not both. 


$customer != 
and $custAge 


"Smi th" 

< 13 


The customer is named anything except 
Smith and is under 13 years of age. 



You can string together as many comparisons as necessary. The comparisons 
that use and are tested first, the comparisons that use xor are tested next, and 
the comparisons that use o r are tested last. For instance, the following is a 
condition that includes three comparisons: 



$age == 200 or $age == 30i 


3 and $name == "Goliath" 




If the customer's name is Goliath 


and he is 300 years old, this statement is 



true. The statement is also true if the customer is 200 years old, regardless 
of what his name is. This condition is not true if the customer is 300 years 
old, but his name is not Goliath. You get these results because the program 
checks the condition as follows: 

1. The and is compared. The program checks $ age to see whether it 
equals 300, and it checks $ n a m e to see whether it equals G o 1 i a t h . If 
both match, the condition is true, and the program does not need to 
check or. If only one or neither of the variables equal the designated 
value, the testing continues. 

2. The or is compared. The program checks $age to see whether it equals 
200. If it does, the condition is true. If it does not, the condition is false. 

You can change the order in which comparisons are made by using parenthe- 
ses. The word inside the parentheses is evaluated first. For instance, you can 
rewrite the previous statement with parentheses as follows: 

( $age == 200 or $age == 300 ) and $name == "Goliath" 
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The parentheses change the order in which the conditions are checked. Now 
the or is checked first. This condition is true if the customer's name is 

nd he is either 200 or 300 years old. You get these results because 
am checks the condition as follows: 




1. The or is compared. The program checks $ age to see whether it equals 
either 200 or 300. If it does, this part of the condition is true. However, 
the comparison on the other side of the and must also be true, so the 
testing continues. 

2. The and is compared. The program checks $name to see whether it 
equals Goliath. If it does, the condition is true. If it does not, the condi- 
tion is false. 

Use parentheses liberally, even when you believe that you know the order of 
the comparisons. Unnecessary parentheses can't hurt, but comparisons that 
have unexpected results can. 

If you are familiar with other languages, such as C, you may have used | | 
(for or) and && (for and) in place of the words. The | | and && work in PHP as 
well. The statement $ a < $b && $c > $b is just as valid as the statement 
$a < $b and $c > $b. The | | is checked before the word or, and the && is 
checked before the word and. 



Adding Comments to \lour Program 

Comments are notes that are embedded in the program itself. Adding comments 
in your programs that describe their purpose and what they do is essential. It's 
important for the lottery factor; that is, if you win the lottery and run off to a 
life of luxury on the French Riviera, someone else will have to finish the applica- 
tion. The new person needs to know what your program is supposed to do and 
how it does it. Actually, comments benefit you as well. You might need to revise 
the program next year when the details are long buried in your mind under 
more recent projects. 

Use comments liberally. PHP ignores comments; comments are for humans. 
You can embed comments in your program anywhere as long as you tell PHP 
that they are comments. The format for comments is 

/* comment text 
more comment text */ 

Your comments can be as long or as short as you need. When PHP sees code 
that indicates the start of a comment (/*), it ignores everything until it sees 
the code that indicates the end of a comment (*/). 
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The following is one possible format for comments at the beginning of each 
program: 



e: catalog. php 

cription: Program that displays descriptions of 
products. The descriptions are stored 
in a database. The product descriptions 
are selected from the database based on 
the category the user entered into a form, 
written by: Lola Designer 
created: 2/1/02 
modified: 3/15/02 



'/ 



You should use comments throughout the program to describe what the pro- 
gram does. Comments are particularly important when the program state- 



ments are complicated. Use comments such ; 


is the following freqi 


jently: 


/* Get the information from the date 
/* Check whether the customer is ovf 
/* Add shipping charges to the ordet 


jbase */ 

ir 18 years old * 
- total */ 


7 



PHP also has a short comment format. You can specify that a single line is a 
comment by using the pound sign (#) or two forward slashes (/ /) in the fol- 
lowing manner: 



# This is comment line 1 
// This is comment line 2 



You can also use # or / / in the middle of a line to signal the beginning of a 
comment. PHP will ignore everything from the # or / / to the end of the line. 
This is useful for commenting a particular statement, as in the following 
example: 

$average = SorderTotal /$nltems // compute average price 

Sometimes you really want to emphasize a comment. The following format 
makes a comment very noticeable: 

mmmmmmmmmm»mm 

## Double-Check This Section ## 

mmmmmmmmmmmmm 

PHP comments are not included in the HTML code that is sent to the user's 
browser. The user does not see these comments. 



Use comments as often as necessary in the script to make it clear. However, 
using too many comments is a mistake. Don't comment every line or everything 
that you do in the script. If your script is too full of comments, the really impor- 
tant comments can get lost in the maze. Only use comments to label sections 
and to explain code that is unusual or complicated — not code that is obvious. 
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Blocks for Programs 



In This Chapter 

^ Echoing output to Web pages 
^ Assigning values to variables 
^ Incrementing variables 

► Stopping and breaking out of programs 

► Creating and using arrays 

^ Using conditional statements 

^ Building and using loops for repeated statements 

^ Using functions 



J^HP programs are a series of instructions in a file named with an exten- 
W sion that tells the Web server to look for PHP sections in the file. (The 
extension is usually .phpor .phtml, but it can be anything that the Web 
server is configured to expect.) PHP begins at the top of the file and executes 
each instruction, in order, as it comes to it. Instructions are the building 
blocks of PHP programs. 

The basic building blocks are simple statements — a single instruction fol- 
lowed by a semicolon. A simple program consists of a series of simple state- 
ments. For example, the Hello World program that 1 discuss in Chapter 6 is a 
simple program. However, the programs that make up a Web database appli- 
cation are not that simple. They are dynamic and interact with both the user 
and the database. Consequently, the programs require more complex build- 
ing blocks. 

Here are some common programming tasks that require complex building 
blocks: 

1^ Storing groups of related values together: You often have information 
that is related, such as the description, picture, and price of a product or 
a list of customers. Storing this information as a group that you can 
access under one name is efficient and useful. This PHP feature is an 



army. 
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IW Setting up statements that execute only when certain conditions are 
met: Programs frequently need to do this. For instance, you may want to 



lay a toy catalog to a child and an electronics catalog to an adult, 
type of statement is a conditional statement. The PHP conditional 
statements are the i f statement and the case statement. 



1^ Setting up a block of statements that is repeated: You frequently need 
to repeat statements. For instance, you may want to create a list of all 
your customers. To do that, you might use two statements: one that gets 
the customer row from the database and a second one that stores the 
customer name in a list. You would need to repeat these two statements 
for every row in the customer database. The feature that enables you to 
do this is a loop. Three types of loops are for loops, while loops, and 
do . .while loops. 

1^ Writing blocks of statements that can be reused many times: Many 
tasks are performed in more than one part of the application. For 
instance, you might want to retrieve product information from the data- 
base and display it numerous times in an application. Getting and dis- 
playing the information might require several statements. Writing a 
block of statements that displays the product information and using this 
block repeatedly is much more efficient than writing the statements over 
again every time that you need to display the product information. PHP 
allows you to reuse statement blocks by creating a function. 

In this chapter, you find out how to use the building blocks of PHP programs. 
I describe the most frequently used simple statements and the most useful 
complex statements and variables. You find out how to construct the building 
blocks and what they are used for. Then in Chapter 8, you find out how to use 
these building blocks to move data in and out of a database. 



Useful Simple Statements 

A simple statement is a single instruction followed by a semicolon (;). Here 
are some useful simple statements used in PHP programs: 

echo statement: Produces output that browsers handle as HTML 

Assignment statement: Assigns values to variables 

Increment statement: Increases or decreases numbers in variables 

exi t statement: Stops the execution of your program 

1^ Function call: Uses stored blocks of statements at any location in 
a program 

I discuss these simple statements and when to use them in the following 
sections. 
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Usin0 echo statements 

l^cho statements to produce output. The output from an echo state- 
iWent to the user's browser, which handles the output as HTML 
(HyperText Markup Language). 

The general format of an echo statement is 

echo output! tem, outputitem, outputi tern . . . 

where the following rules apply: 

1/^ An outputi tern can be a number, a string, or a variable. A string must be 
enclosed in quotes. The difference between double and single quotes is 
explained in Chapter 6. 

List as many outputi terns as you need. 

" 1^ Separate each outputi tern with a comma. 

Table 7-1 shows some echo statements and their output. For the purposes 
of the table, assume that $stri ngl is set to Hel 1 o and $stri ng2 is set to 
World!. 
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Table 7-1 


echo Statements 




echo Statement 




Output 




echo "Hello"; 




Hel 1 0 




echo 123; 




123 




echo "Hel 1 0" , "Worl d ! " ; 




Hel 1 oWorld! 


echo Hel 1 o Worl d ! ; 




Not valid; results in an error message 


echo "Hel 1 0 Worl d ! " ; 




Hello World! 


echo ' Hel 1 0 World!'; 




Hello World! 


echo $stringl; 




Hel 1 0 


echo $stri ngl , $stri ng2 ; 




Hel 1 oWorld! 


echo "$stringl $string2" 




Hello World! 


echo "Hello ",$string2; 




Hello World! 


echo "Hello"," ",$string2 


; Hello World! 


echo ' $stri ngl ' , " $stri ng2 


" ; $stri nglWorl d ! 



Double quotes and single quotes have different effects on variables. When 
you use single quotes, variable names are echoed as-is. When you use double 
■^i^e^variable names are replaced by the variable values. 

You can separate variable names with curly braces (I )). For instance, the 
following statements 

$pet = "bi rd" ; 

echo "The $petcage has arrived."; 

will not output bi rd as the $pet variable. In other words, the output will not 
beThe birdcage has a r ri ved . Rather, PHP will look for the variable 
$petcage and won't be able to find it. You can echo the correct output by 
using curly braces to separate the $pet variable: 

$pet = "bi rd" ; 

echo "The {$pet)cage has arrived."; 
The preceding statement will output 

The birdcage has arrived. 

echo statements output a line of text that is sent to a browser. The browser 
considers the text to be HTML and handles it that way. Therefore, you need 
to make sure that your output is valid HTML code that describes the Web 
page that you want the user to see. 

When you want to display a Web page (or part of a Web page) by using PHP, 
you need to consider three stages in producing the Web page: 

ij The PHP program: PHP echo statements that you write. 

i/' The HTML source code: The source code for the Web page that you see 
when you choose ViewOSource in your browser. The source code is the 
output from the echo statements. 

1^ The Web page: The Web page that your users see. The Web page results 
" from the HTML source code. 

The echo statements send exactly what you echo to the browser — no more, 
no less. If you do not echo any HTML tags, none are sent. 

PHP allows some special characters that format output, but they are not 
HTML tags. The PHP special characters only affect the output from the echo 
statement — not the display on the Web page. For instance, if you want to 
start a new line in the PHP output, you must include a special character (\n) 
that tells PHP to start a new line. However, this special character just starts a 
new line in the output; it does not send an HTML tag to start a new line on the 
Web page. Table 7-2 shows examples of the three stages. 
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Table 7-2 




Stages of Web Page Delivery 


■\ legtw^tatement 




HTML Source Code 


Web Page Display 


jl\S ' , 

ecTir^ Hel 1 0 Wor 


Id!"; 


Hello World! 


Hello World! 


echo "Hel 1 o Wor 


Id!"; 


Hello World! 


Hel 1 0 Worl d ! Here I am! 


echo "Here I am 




Here I am! 




echo "Hel 1 o Wor 


ld!\n"; 


Hello World! 


Hel 1 0 Worl d ! Here I am! 


echo "Here I am 




Here I am! 




echo "Hello Worl 


d!<br>" 


; Hello World!<br> 


Hello World! 


echo "Here I am 




Here I am!" 


Here I am! 


echo "Hel 1 o Worl > 


d!<br>\n 


"; Hello World!<br> 


Hello World! 


echo "Here I am 




Here I am!" 


Here I am! 



Table 7-2 summarizes the differences between the stages in creating a Web 
page with PHP. To look at these differences more closely, consider the follow- 
ing two echo statements: 

echo "Line 1"; 
echo " Li ne 2" ; 



If you put these lines 
the following: 


in a program, you might expect the Web pagi 
■ 


e to display 


Line 1 
Line 2 












However, this is not the output that you would get. The Web page 


would actu- 



ally display this: 

Line ILine 2 

If you look at the source code for the Web page, you see exactly what is sent 
to the browser, which is this: 

Line ILine 2 

Notice that the line that is output and is sent to the browser contains exactly 
the characters that you echoed — no more, no less. The character strings 
that you echoed did not contain any spaces, so no spaces appear between 
the lines. 
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Also, notice that the two lines are echoed on the same line. If you want a new 
line to start, you have to send a signal indicating the start of a new line. To 
jkl Aat a new line starts here in PHP, echo the special character \ n . 
le echo statements to the following: 

echo "line l\n"; 
echo "1 i ne 2" ; 

Now you get what you want, right? Well, actually no. Now you see the follow- 
ing on the Web page: 

line 1 line 2 



If you look at the source code, you see this: 



line 1 
line 2 






So, the \n did its job: It started a new line in the output. However, HTML dis- 
plays the output on the Web page as one line. If you want HTML to display 
two lines, you must use a tag, such as the <br> tag. So, change the PHP end- 
of-line special character to an HTML tag, as follows: 


echo "line l<br> 
echo "1 i ne 2" ; 










Now you see what you want on the Web page 






line 1 
line 2 







If you look at the source code for this output, you see this: 

line l<br>line 2 




Use \ n liberally. Otherwise, your HTML source code will have some really 
long lines. For instance, if you echo a long form, the whole thing might be one 
long line in the source code, even though it looks fine in the Web page. Use \n 
to break the HTML source code into reasonable lines. Taking the extra time to 
add these breaks will pay off if you have to troubleshoot a Web page that 
doesn't look the way you expected. It's much easier to examine the source 
code if it's not a mile-long line. 



Usin0 assignment statements 

Assignment statements are statements that assign values to variables. The 
variable name is listed to the left of the equal sign; the value to be assigned to 
the variable is listed to the right of the equal sign. Here is the general format: 
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e can be a single value or a combination of values, including values 
es. A variable can hold numbers or characters but not both at the 
same time. Therefore, a value cannot be a combination of numbers and char- 
acters. The following are valid assignment statements: 



$number = 2; 
$number = 2+1; 

$number = (2 - 1) * (4 * 5) -17; 
$nuniber2 = Snumber + 3; 
$stri ng = "Hel 1 o Worl d" ; 
$string2 = Sstring." again!"; 

If you combine numbers and strings in a value, you won't get an error mes- 
sage; you'll just get unexpected results. For instance, the following state- 
ments combine numbers and strings: 



Snumber = 2; 

$stri ng = "Hel 1 o" ; 

$combined = Snumber + $string; 

$corTibined2 = Snumber . $stri ng ; 

echo $combined; 

echo <br>; 


4 




echo $combined2; 







The output of these statements is 

2 (Sstring is evaluated as 0) 

2Hello (Snumber is evaluated as a character) 



Usin^ increment statements 

Often a variable is used as a counter. For instance, suppose you want to be 
sure that everyone sees your company logo, so you display it three times. 
You set a variable to 0. Each time that you display the logo, you add 1 to the 
variable. When the value of the variable reaches 3, you know that it's time to 
stop showing the logo. The following statements show the use ofacounter: 

$counter=0 ; 

Scounter = Scounter + 1; 
echo Scounter; 

These statements would output 1 . Because counters are used so often, PHP 
provides shortcuts. The following statements have the same effect as the pre- 
ceding statements. 



Part III: PHP 



$xount( 

D Books 

Thi>; p r h f 



$counter=0 ; 
$j:ounter++; 

counter ; 



This echo statement also outputs 1 because ++ adds 1 to the current value of 
Scounter.Or you can use the following statement: 

Scounter-- ; 

This statement subtracts 1 from the current value of $counter. 

Sometimes you may want to do a different arithmetic operation. You can use 
any of the following shortcuts: 



$counter+=2 
$counter-=3 
$counter*=2 
$counter/=3 








These statements add 2 to $counter, subtract 3 from $counter, 
$counter by 2, and divide $counter by 3, respectively. 


multiply 



Usin0 exit 

Sometimes you want the program to stop executing — just stop at some 
point in the middle of the program. For instance, if the program encounters 
an error, often you want it to stop rather than continue with more state- 
ments. The exit statement stops the program. No more statements are exe- 
cuted after the exit statement. The format of an exit statement is 

exi t ( "message" ) ; 

The message is a message that is output when the program exits. For 
instance, you might use the statement 

exitC'The program is exiting"); 
You can also stop the program with the d i e statement, as follows: 

die("The program is dying"); 

The di e statement is the same as the exit statement, die is just another 
name for exi t. Sometimes it's just more fun to say die. 
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are blocks of statements that perform certain specified tasks. You 
of functions as mini-programs or subprograms. Tfie block of state- 
ments is stored under a function name, and you can execute the block of 
statements any place you want by calling the function by its name. (For 
details on how to use functions, check out the section, "Using Functions," 
later in this chapter.) 

You can call a function by listing its name followed by parentheses, like this: 



fundi onnamei ) ; 



For instance, you might have a function that gets all the names of customers 
that reside in a certain state from the database and displays the names in a 
list in the format /5s£ name, first name. You write the statements that do 
these tasks and store them as a function under the name get_nanies. Then 
when you call the function, you need to specify which state. You can use the 
following statement at any location in your program to get the list of cus- 
tomer names from the given state, which in this case is California: 



get_names ( ' CA ' ) ; 



The value in the parentheses is given to the function so it knows which state 
you're specifying. This is passing the value. You can pass a list of values. 

PHP provides many built-in functions. For example, in Chapter 6, 1 discuss a 
built-in function called unset. You can uncreate a variable named $testvar 
by using this function call: 



unset($testvar) ; 



Usirt^ PHP Armifs — 

Arrays are complex variables. An array stores a group of values under a 
single variable name. An array is useful for storing related values. For 
instance, you can store information about a shirt (such as size, color, and 
cost) in a single array named $shi rti nf o. Information in an array can be 
handled, accessed, and modified easily. For instance, PHP has several meth- 
ods for sorting an array. 

The following few sections give you the lowdown on arrays. 
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lest way to create an array is to assign a value to a variable with 
rackets ([ ]) at the end of its name. For instance, assuming that you 
have not referenced $pets at any earlier point in the program, the following 
statement creates an array called $pets: 

$pets[l] = "dragon"; 

At this point, the array named $pets has been created and has only one 
value — dragon. Next, you use the following statements: 



tpets[2] 
tpets [3] 



urn corn 
'ti ger" ; 



Now the array $pets contains three values: dragon, unicorn, and tiger. 

An array can be viewed as a list of key/ value pairs. To get a particular value, 
you specify the key in the brackets. In the preceding array, the keys are 
numbers — 1,2, and 3. However, you can also use words for keys. For 
instance, the following statements create an array of state capitals: 



$capi tal s [ ' CA ' ] = "Sacramento"; 




5)Capi ta 1 s L 1 A J = Austi n 
$capital s[ 'OR' ] = "Salem" 






You can use shortcuts rather than write separate assignment statements for 
each number One shortcut uses the following statements: 


$pets[] = "dragon"; 
$pets[] = "unicorn"; 
$pets[] = "tiger"; 







When you create an array using this shortcut, the values are automatically 
assigned keys that are serial numbers, starting with the number 0. For 
example, the following statement 

echo "$pets[0]"; 

sends the following output: 

dragon 

The first value in an array with a numbered index is 0 unless you deliberately 
set it to a different number One common mistake when working with arrays 
is to think of the first number as 1 rather than 0. 



An even better shortcut is to use the following statement: 



Chapter 7: PHP Building Blocks for Programs 



$pets = array( "dragon" , "uni corn" , "ti ger" ) ; 



DropBocte 



ment creates the same array as the preceding shortcut. It assigns 
as keys, starting with 0. You can use a similar statement to create 
arrays with words as keys. For example, the following statement creates the 
array of state capitals: 



Scapitals = arrayC "CA" => "Sacramento", "TX" => "Austin" 
"OR" => "Salem" ) ; 



Viewing arrai^s 

You can echo an array value like this: 

echo $capi tal s [ ' TX ' ] ; 



If you include the array value in a longer echo statement that's enclosed by 
double quotes, you may need to enclose the array value name in curly braces 
like this: 



echo "The capital of Texas 


; is {$capitals['TX'])<br>" 




You can see the structure and values of any array by using a pri nt_r 
statement. To display the $ c a p i t a 1 s array, use the following statement: 


pri nt_r ( $capi tal s ) ; 






This pri nt_r statement provide; 


s the following output: 





Array 
( 

[CA] => Sacramento 
[TX] => Austin 
[OR] => Salem 



) 

This output shows the key and the value for each element in the array. 

The output will display on the Web page with HTML, which means that it will 
display in one long line. To see the output on the Web in the useful format 
that 1 describe here, send HTML tags that tell the browser to display the text 
as received, without changing it, by using the following statements: 

echo "<pre>" ; 

pri nt_r ( $capi tal s ) ; 

echo "</pre>"; 
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RemoOing^ Values from armies 



les you need to completely remove a value from an array. For example, 
; you have the following array: 



$pets = array( "dragon", "unicorn", "tiger", 
"parrot" , "scorpion" ) ; 

This array has five values. Now you decide that you no longer want to carry 
scorpions in your pet store, so you use the following statement to try to 
remove scorpion from the array: 

$pets[4] = ""; 

Although this statement sets $ pets [4] to an empty string, it does not 



values is bei ngempty 1 . To totally remove the 
to unset it with the following statement: 


: item from the array, you need 


unset($pets[4] ) ; 






Now your array has only four values in it. 







Sorting arrai^s ■ 

One of the most useful features of arrays is that PHP can sort them for you. 
PHP originally stores array elements in the order in which you create them. If 
you display the entire array without changing the order, the elements will be 
displayed in the order in which they were created. Often, you want to change 
this order For example, you may want to display the array in alphabetical 
order by value or by key. 

PHP can sort arrays in a variety of ways. To sort an array that has numbers 
as keys, use a sort statement as follows: 

sort ( $pets ) ; 

This statement sorts by the values and assigns new keys that are the appro- 
priate numbers. The values are sorted with numbers first, uppercase letters 
next, and lowercase letters last. For instance, consider the $pets array cre- 
ated in the preceding section: 



$pets[0] = 


"dragon" ; 


$pets[l] = 


"unicorn" ; 


$pets[2] = 


"ti ger" ; 
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After the following sort statement 
pets ) ; 
array becomes 



$pets[0] = "dragon"; 
$pets[l] = "tiger"; 
$pets[2] = "unicorn" ; 

If you use s o r t ( ) to sort an array with words as keys, the keys will be 
changed to numbers, and the word keys will be thrown away. 

To sort arrays that have words for keys, use the asort statement as follows: 

asort ( $capi tal s ) ; 

This statement sorts the capitals by value but keeps the original key for each 
value instead of assigning a number key. For instance, consider the state capi- 
tals array created in the preceding section: 



$capi tal s [ ' CA ' ] 
Scapital s[ 'TX' ] 
Scapital s[ 'OR' ] 

After the following sort statement 



"Sacramento" ; 
"Austi n" ; 
"Sal em" ; 



asort ( $capi tal s ) ; 



the array becomes 



$capital s[ 'TX ' ] 
$capital s[ 'CA' ] 
$capital s[ 'OR' ] 



= "Austin"; 

= "Sacramento"; 

= "Salem"; 



Notice that the keys stayed with the value when the elements were 
reordered. Now the elements are in alphabetical order, and the correct state 
key is still with the appropriate state capital. If the keys had been numbers, 
the numbers would now be in a different order. For example, if the original 
array were 



$capitals[l] = "Sacramento"; 
$capitals[2] = "Austin"; 
$capitals[3] = "Salem"; 



after an asort statement, the new array would be 



$capital s[2] 
$capital s[l] 
$capi tal s [3] 



Austi n 
Sacramento 
Sal em 
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several other sort statements that sort in other ways. Table 7-3 
e available sort statements. 



Table 7-3 



Ways You Can Sort Arrays 



Sort Statement 



What It Does 



sort ( iarrayname ) 


Sorts by value; assigns new numbers 
as the keys 


asorti$a rrayname) 


Sorts by value; keeps the same key 


rsorti$a rrayname) 


Sorts by value in reverse order; 
assigns new numbers as the keys 


arsorti$arrayname) 


Sorts by value in reverse ore 
the same key 


ier; keeps 


ksorti$a rrayname) 


Sorts by key 




kr so rti$arrayna me ) 


Sorts by key in reverse orde 


r 


usorti$a rrayname , functi onname) 


Sorts by a function (see "Usi 


ng 

rter) 


i-unctions, later in tnis cnaf 



Getting (/atues from armies 

You can retrieve any individual value in an array by accessing it directly. Here 
is an example: 

$CAcapital = $capital s[ ' CA' ] ; 
echo $CAcapital ; 

The output from these statements is 

Sacramento 

If you use an array element that doesn't exist in a statement, a notice is dis- 
played. (Read about notices in Chapter 6.) For example, suppose that you use 
the following statement: 

SCAcapital = Scapital s[ ' CAx' ] ; 

If the array $capi tal s exists but no element has the key CAx, you see the 
following notice: 

Notice: Undefined index: CAx in d:\testarray.php on line 9 
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Remember that a notice does not cause the script to stop. Statements after 
the notice will continue to execute. But because no value has been put into 
a 1 , any subsequent echo statements will echo a blank space. You 
nt the notice from being displayed by using the @ symbol: 



@$CAcapital = $capi tal s [ ' CAx ' ] ; 



You can get several values at once from an array using the list statement or 
all the values from an array by using the extract statement. 

The list statement gets values from an array and puts them into variables. 
The following statements include a 1 i st statement: 

Sshirtlnfo = array ("large", "blue", 12.00); 
sort ( $shi rtinf 0 ) ; 

1 i St ( $f i rstval ue , $secondval ue ) = $shirtInfo; 
echo $fi rstval ue , "<br>" ; 
echo $secondval ue , "<br>" ; 



The first line creates the Sshirtlnfo array. The second line sorts the array. 
The third line sets up two variables named $f i rstval ue and $secondval ue 
and copies the first two values in $shirtInfo into the two new variables, as 
if you had used the two statements 



$fi rstval ue=$shirtlnfo[0]; 
$secondvalue=$shirtInfo[l]; 



The third value in $shirtInfo is not copied into a variable because there are 
only two variables in the list statement. The output from the echo state- 
ments is 



bl ue 
1 arge 



Notice that the output is in alphabetical order and not in the order in which 
the values were entered. It's in alphabetical order because the array is sorted 
after it is created. 



You can retrieve all the values from an array with words as keys using extract. 
Each value is copied into a variable named for the key. For instance, the fol- 
lowing statements get all the information from $shirtInfo and echo it: 

extract( $shi rtlnfo) ; 

echo "size is $size; color is $color; cost is $cost"; 



The output for these statements is 



size is large; color is blue; cost is 12.00; 
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Walking through an armi^ 



ften want to do something to every value in an array. You might 
cho each value, store each value in the database, or add six to each 
value in the array. In technical talk, walking through each and every value in 
an array, in order, is iteration. It is also sometimes called traversing. Here are 
two ways to walk through an array: 

11/* Manually: Move a pointer from one array value to another 
>^ Using f oreach: Automatically walk through the array, from beginning to 
end, one value at a time 



Manmtti^ ufatkin^ through an arraif 

You can walk through an array manually by using a pointer. To do this, 
think of your array as a list. Imagine a pointer pointing to a value in the list. 
The pointer stays on a value until you move it. After you move it, it stays 
there until you move it again. You can move the pointer with the following 
instructions: 

J 

V current iiarrayname): Refers to the value currently under the pointer; 
does not move the pointer 

1^ next( $a rrayname): Moves the pointer to the value after the current 
value 

1^ previous($arr ayn a me): Moves the pointer to the value before the 
current pointer location 

e n d ( $ a r ray name ) : Moves the pointer to the last value in the array 
reset i$arrayname): Moves the pointer to the first value in the array 

The following statements manually walk through an array containing state 
capitals: 



$value = current ($capitals); 

echo "$val ue<br>" ; 

$value = next (Scapitals); 

echo " $val ue<br> " ; 

$value = next ($capitals); 

echo "$val ue<br>" ; 



Unless you have moved the pointer previously, the pointer is located at the 
first element when you start walking through the array. If you think that the 
array pointer may have been moved earlier in the script or if your output 
from the array seems to start somewhere in the middle, use the reset state- 
ment before you start walking, as follows: 



reset ( $capi tal s ) 
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When using this method to walk through an array, you need an assignment 
statement and an echo statement for every value in the array — for each of 
tes. The output is a list of all the state capitals. 



This method gives you flexibility. You can move through the array in any 
manner — not just one value at a time. You can move backwards, go directly 
to the end, skip every other value by using two next statements in a row, or 
whatever method is useful. However, if you want to go through the array from 
beginning to end, one value at a time, PHP provides f oreach, which does 
exactly what you need much more efficiently, foreach is described in the 
next section. 



Usin0 foreach to ufatk through an anaif 

foreach walks through the array one value at a time and executes the block 
of statements by using each value in the array. The general format is 

foreach( iarrayname as %keyname 
I 

block of statements; 

} 



=> $val uename ) 



Fill in the following information: 



jj 1/^ a rrayname: The name of the array that you're walking through. 

keyname: The name of the variable where you want to store the key. 
keyname is optional. If you leave out ikeyname =>, the value is put into 

$ va / uename. 

1^ va 1 uename: The name of the variable where you want to store the value. 

For instance, the following foreach statement walks through the sample 
array of state capitals and echoes a list: 

$capitals = array ( "CA" => "Sacramento", "TX" => "Austin", 
"OR" => "Salem" ) ; 

ksort ($capitals); 

foreach ( Scapitals as %state => %c1ty ) 
{ 

echo "$city, $state<br>"; 

1 



The preceding statements give the following Web page output: 



Sacramento, CA 
Salem, OR 
Austin, TX 



You can use the following line in place of the foreach line in the previous 
statements. 
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ng this fo reach statement, only the city is available for output. You 
n use the following echo statement: 



echo " $ci ty<br>" ; 

The output with these changes is 

Sacramento 
Sal em 
Austi n 

When fo reach starts walking through an array, it moves the pointer to the 
beginning of the array. You don't need to reset an array before walking 
through it with f o r e a c h . 



Muttidimenshnat armies 

In the earlier sections of this chapter, 1 describe arrays that are a single list of 
key/value pairs. However, on some occasions, you might want to store values 
with more than one key. For instance, suppose you want to store these prod- 
uct prices together in one variable: 

1^ shirt, 20.00 
1^ pants, 22.50 
1^ blanket, 25.00 

bedspread, 50.00 
1^ lamp, 44.00 
rug, 75.00 

You can store these products in an array as follows: 

$productPri ces [ ' shi rt ' ] = 20.00; 
$productPri ces[ ' pants ' ] = 22.50; 
$productPri ces[ ' bl anket ' ] = 25.00; 
$productPri ces[ ' bedspread ' ] = 50.00; 
$productPri ces[ ' 1 amp ' ] = 44.00; 
$productPri ces[ ' rug ' ] = 75.00; 

Your program can easily look through this array whenever it needs to know 
the price of an item. But suppose that you have 3,000 products. Your program 
would need to look through 3,000 products to find the one with shirt or rug as 
the key. 
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Notice that the list of products and prices includes a wide variety of products 
that can be classified into groups: clothing, linens, and furniture. If you clas- 
roducts, the program would only need to look through one classifi- 
find the correct price. Classifying the products would be much 
more efficient. You can classify the products by putting the costs in a multi- 
dimensional array as follows: 



SproductPr 
$productPr 
$productPr 
$productPr 
$productPr 



ces [ ' cl othi ng ' ] [ ' shi rt ' ] 
ces['clothing']['pants'] 
ces['linens']['blanket'] 
ces['linens']['bedspread' 
ces['furniture']['larnp'] 



$productPrices['furniture']['rug'] 



20.00; 
22.50; 
25.00; 
= 50.00; 
44.00; 
75.00; 



This kind of array is a multidimensional array because it's like an array of 
arrays . Figure 7- 1 shows thestructureof $productPrices as an array of 
arrays. The figure shows that $productPri ces has three key/value pairs. 
The keys are clothing, linens, and furniture. The value for each key is an array 
with two key/value pairs. For instance, the value for the key clothing is an 
array with the two key/value pairs: shirt/20.00 and pants/22.50. 



Figure 7-1: 

An array 
of arrays. 



SproductPrices 


key 


value 








key 


value 




clothing 


shirt 


20.00 






pants 


22.50 




linens 


blanket 


30.00 






bedspread 


50.00 




furniture 


lamp 


44.00 






rug 


75.00 



$productPrices isa two-dimensional array. PHP can also understand multi- 
dimensional arrays that are four, five, six, or more levels deep. However, my 
head starts to hurt if 1 try to comprehend an array that is more than three 
levels deep. The possibility of confusion increases when the number of 
dimensions increases. 

You can get values from a multidimensional array by using the same proce- 
dures that you use with a one-dimensional array. For instance, you can 
access a value directly with this statement: 

SshirtPrice = $productPri ces [' cl othi ng '][' shi rt '] ; 

You can also echo the value: 

echo $productPrices['clothing']['shirt']; 
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However, if you combine the value within double quotes, you need to use 
curly braces to enclose the variable name. The $ that begins the variable 
St follow the { immediately, without a space, as follows: 



e price of a shirt is \$ |$productPri ces[ ' cl othi ng ' ] [ ' shi rt ' ] 1 " ; 

Notice the backslash (\) in front of the first dollar sign ($). The backslash 
tells PHP that $ is a literal dollar sign and not the beginning of a variable 
name. The output is 



The price of a shirt is $20 



You can walk through a multidimensional array by using fo reach statements 
(described in the preceding section). You need aforeach statement for each 
array. One fo reach statement is inside the other f oreach statement. Putting 
statements inside other statements is nesting. 

Because a two-dimensional array, such as $productPrices, contains two 
arrays, it takes two f orea ch statements to walk through it. The following 
statements get the values from the multidimensional array and output them 
in an HTML table: 



echo "<table border=l>"; 

foreach( $productPri ces as Scategory ) 

I 

foreach( Scategory as $product => $price ) 
{ 

$f_price = spri ntf ( "%01 . 2f " , $price); 

echo " <tr><td>$ product :</td><td>\$$fjrice</td></tr>" ; 

1 

) 

echo "</table>"; 



Figure 7-2 shows the Web page produced with these PHP statements. 



Figure 7-2: 

The Web 
page 
output for 
the multi- 
dimensional 
array. 
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ishlit: 


$20.00 


pants: 


;$32.50 


blanket: 


:$25.00 


bcrlsprearJ: $50 DO 


lamp: 


i$44.00 


jrug: 


|$75.00i 



jbocunent: Done 
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uts the tabl e tag. 

the first key/value pair in the $productPrices array and stores the 
value in the variable $category. The value is an array. 

3. Gets the first key/value pair in the $category array. Stores the key in 
$product and stores the value in $pri ce. 

4. Formats the value in $ p r i c e into the correct format for money. 

5. Echoes one table row for the product and its price. 

6. Goes to the next key/value pair in the $category array. 

7. Formats the price and echoes the next table row for the product and its 
price. 

8. Because there are no more key/value pairs in $category, the inner 
f oreach statement ends. 

9. Goes to the next key/value pair in the outer f oreach statement. Puts the 
next value in$category, which is an array. 

10. Repeats the procedure in Steps 2-9 until the last key/value pair in the 
last $category array is reached. The inner f oreach statement ends. 
The outer f oreach statement ends. 

1 1 . Outputs the /table tag to end the table. 

In other words, the outer f oreach starts with the first key/value pair in the 
array. The key is cl othi ng, and the value of this pair is an array that is put 
into the variable $category. The inner f o r e a c h then walks through the 
array in $category. When it reaches the last key/value pair in $category, it 
ends. The program is then back in the outer loop, which goes on to the 
second key/value pair . . . and so on until the outer f oreach reaches the end 
of the array. 



Useful Conditiomt Statements 



A conditional statement executes a block of statements only when certain con- 
ditions are met. Here are two useful types of conditional statements: 

*^ i f statement: Sets up a condition and tests it. If the condition is true, a 
block of statements is executed. 

switch statement: Sets up a list of alternative conditions. Tests for the 
true condition and executes the appropriate block of statements. 



I describe these statements in more detail in the following two sections. 
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tement asks whether certain conditions exist. A block of statements 
depending on which conditions are met. The general format of an 
i f conditional statement is 



if ( condition ... ) 
block of statements 



1 sei f ( condition ... ) 



block of statements 



1 se 



block of statements 



The i f statement consists of three sections: 



1^ i f : This section is required. It tests a condition. 

• If condition is true: The block of statements is executed. After the 
statements are executed, the program moves to the next instruc- 
tion following the conditional statement; if the conditional state- 
ment contains any el sei f or el se sections, the program skips 
over them. 

• If condition is not true: The block of statements is not executed. 
The program skips to the next instruction, which can be an 

el sei f, an el se, or the next instruction after the i f conditional 
statement. 

1^ el sei f: This section is optional. It tests a condition. You can use more 
than one el sei f section if you want. 

• If condition is true: The block of statements is executed. After 
executing the block of statements, the program goes to the next 
instruction following the conditional statement; if the i f statement 
contains any additional el sei f sections or an el se section, the 
program skips over them. 

• If condition is not true: The block of statements is not executed. 
The program skips to the next instruction, which can be an 

el sei f, an el se, or the next instruction after the i f conditional 
statement. 

1^ else: This section is optional. Only one else section is allowed. This 
section does not test a condition; rather, it executes the block of state- 
ments. If the program has entered this section, it means that the i f sec- 
tion and all the el sei f sections are not true. 
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Each section of the i f conditional statement tests a condition that consists 
of one or more comparisons. A comparison asks a question that can be true 
ome conditions are 



1; 

$a < $b 

$c != "Hello" 

The first comparison asks whether $a is equal to 1; the second comparison 
asks whether $a is smaller than $b; the third comparison asks whether $c is 
not equal to " Hel 1 o " . You can use two or more comparisons in a condition 
by connecting the comparisons with and, or,orxor.l discuss comparing 
values and using more than one comparison in detail in Chapter 6. The follow- 
ing example uses all three sections of the i f conditional statement. Suppose 
that you have German, French, Italian, and English versions of your product 
catalog. You want your program to display the correct language version, 
based on where the customer lives. The following statements set a variable 
to the correct catalog version (depending on the country where the customer 
lives) and set a message in the correct language. You can then display a mes- 
sage in the appropriate language. 

if (Scountry == "Germany" ) 



Sversion = "German"; 

$message = " Sie sehen unseren Katalog auf Deutsch"; 
Iseif (Scountry == "France" ) 
Sversion = "French"; 

Smessage = " Vous verrez notre catalogue en francais" 



Iseif ($country == "Italy" ) 



Aversion = "Italian"; 

tmessage = " Vedrete il nostro catalogo in Italiano" 



1 se 



f versi on 
tmessage 



"Engl ish" ; 
"You will see 



our catalog in English' 



echo " $message<br>" 



The i f conditional statement proceeds as follows: 



Compares the variable Icountry to "Germany". If they are the same, 
$ versi on is set to "German ", $message is set in German, and the pro- 
gram skips to the echo statement. If $country does nof equal Germany, 
$versi on and Smessage are nof set, and the program skips to the 
e 1 s e i f section. 
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Compares the variable $country to " France". If they are the same, 
version and Smessage are set, and the program skips to the echo 
^ement. If $country does nof equal France, $versi on and Smessage 
of set, and the program skips to the second el sei f section. 




Compares the variable $country to "Italy". If they are the same, 
$versi on is set to " Ital i an", and the program skips to the echo state- 
ment. If $country does not equal Italy, $versi on and Smessage are 
not set, and the program skips to the else section. 

4. $ vers i on is set to English, and $message is set in English. The pro- 
gram continues to the echo statement. 

Notice that only the message is echoed in this example. However, the vari- 
able $versi on is stored because the version is useful information that can be 
used later in the program. 

When the block to be executed by any section of the i f conditional state- 
ment contains only one statement, the curly braces are not needed. For 
instance, if the preceding example only had one statement in the blocks, as 
follows: 



if (Scountry == 
1 

Sversion = "F 


" France" ) 
rench" ; 






1 









You could write it as follows: 



if ($country == "France" ) 
$version = "French"; 



This shortcut can save some typing, but when several i f statements are 
used, it can lead to confusion. 

You can have an i f conditional statement inside another i f conditional 
statement. Putting one statement inside another is nesting. For instance, sup- 
pose that you need to contact all your customers who live in Idaho. You plan 
to send e-mail to those who have an e-mail address and send a letter to those 
who do not have an e-mail address. You can identify the groups of customers 
by using the following nested i f statements: 



if ( $custState == " 


ID" ) 


{ 

if ( SEmailAdd != 


„„ ) 


1 

$contactMethod 

1 


= "letter"; 


el se 
1 
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$contactMethod = "none needed"; 

1 

These statements first check to see whether the customer lives in Idaho. If 
the customer does live in Idaho, the program tests for an e-mail address. If 
the e-mail address is blank, the contact method is set to 1 etter. If the e-mail 
address is not blank, the contact method is emai 1 . If the customer does not 
live in Idaho, the else section sets the contact method to indicate that the 
customer will not be contacted at all. 



Usin^ switch statements 

For most situations, the i f conditional statement works best. However, 
sometimes you have a list of conditions and want to execute different state- 
ments for each of the conditions. For instance, suppose that your program 
computes sales tax. How do you handle the different state sales tax rates? 
The switch statement was designed for such situations. 



The switch statement tests the value of one variable and executes the block 
of statements for the matching value of the variable. The general format is 



switch ( %vari abl ename ) 


case value : 




block of 


statements ; 


break ; 




case value : 




block of 


statements ; 


break ; 




def aul t : 




block of 


statements ; 


break ; 




} 





The swi tch statement tests the value of $ van' abl ename. The program then 
skips to the case section for that value and executes statements until it 
reaches a brea k statement or the end of the switch statement. If there is no 
case section for the value of $va ri abl ename, the program executes the 
def aul t section. You can use as many case sections as you need. The 
default section is optional. If you useadefault section, it's customary to 
put the def aul t section at the end, but it can go anywhere. 
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The following statements set the sales tax rate for different states: 

UxiJa ( $custState ) 



P "OR" : 

$sal estaxrate = 0; 
break ; 
case "CA " : 

$sal estaxrate = 1.0; 
break ; 
def aul t : 

$sal estaxrate = .5; 
break ; 

) 

Ssalestax = SorderTotal Cost * $sal estaxrate ; 



In this case, the tax rate for Oregon is 0, the tax rate for California is 100 per- 
cent, and the tax rate for all the other states is 50 percent. The swi tch state- 
ment looks at the value of $custState and skips to the section that matches 
the value. For instance, if $custState isTX, the program executes the 
def aul t section and sets $sal estaxrate to . 5. After the swi tch statement, 
the program computes Ssalestaxat .5 times the cost of the order. 

The break statements are essential in the case section. If a case section 
does not include a brea k statement, the program does not stop executing at 
the end of the case section. The program continues executing statements 
past the end of the case section, on to the next case section, and continues 
until it reaches the end of the switch statement (or perhaps a brea k state- 
ment in a later case section). 

The last case section in a s w i t c h statement doesn't actually require a b r e a k 
statement. You can leave it out. However, it's a good idea to include it for 
clarity. 



U$m0 Loops 

Loops, which are used frequently in programs, set up a block of statements 
that repeat. Sometimes, the loop repeats a specified number of times. For 
instance, a loop to echo all the state capitals needs to repeat 50 times. 
Sometimes, the loop repeats until a certain condition exists. For instance, a 
loop that displays product information for all the products needs to repeat 
until it has displayed all the products, regardless of how many products there 
are. Here are three types of loops: 

Basic for loop: Sets up a counter; repeats a block of statements until the 
counter reaches a specified number 

j^* whi 1 e loop: Sets up a condition; checks the condition; and if it is true, 
repeats a block of statements 
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I I describe 



1*^ do . .whi 1 e loop: Sets up a condition; executes a block of statements; 
checks the condition; if the condition is true, repeats the block of 



,ements 

describe each of these loops in detail in the following few sections. 



Usin^ far loops 

The most basic for loops are based on a counter. You set the beginning value 
for the counter, set the ending value, and set how the counter is incremented. 
The general format is 

for {start i ngvalue ; endingconditi on; i ncrement) 
{ 

block of statements; 

} 

Fill in the following values: 

1^ sta rti ngval ue: A statement that sets up a variable to be your counter 
and sets it to your starting value. For instance, the statement $i =1 ; sets 
$ i as the counter variable and sets it equal to 1 . Frequently, the counter 
variable is started at 0 or 1. The starting value can be a combination of 
numbers (2 + 2) or a variable. 

1^ endi ngcondi ti on: A statement that sets your ending value. As long as 
this statement is true, the block of statements keeps repeating. When 
this statement is not true, the loop ends. For instance, the statement 
$ i < 1 0 ; sets the ending value for the loop to 10. When $ i is equal to 10, 
the statement is no longer true (because $ i is no longer less than 10), 
and the loop stops repeating. The statement can include variables, such 
as $i <$si ze ; . 

1/^ i ncrement: A statement that increments your counter For instance, the 
statement $ i ++ ; adds 1 to your counter at the end of each block of 
statements. You can use other increment statements, such as $ I+=l ; 
or $ i - - ; . 

The basic for loop sets up a variable — for example, a variable called $ i , — 
that is a counter. This variable has a value during each loop. The variable $ i 
can be used in the block of statements that is repeating. For instance, the 
following simple loop displays Hel 1 o World! three times: 

for ($i=l;$i<=3;$i++) 
I 

echo "$i. Hello World!<br>"; 

} 
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The statements in the block do not need to be indented. PHP doesn't care 
whether they're indented. However, indenting the blocks makes it much 
I ^y^^^^ understand the program. 

The output from these statements is 



1. Hello World! 

2. Hello World! 

3. Hello World! 



for loops are particularly useful to loop through an array. Suppose that you 
have an array of customer names and want to display them all. You can do 
this easily with a loop: 

for ($i=0;$i<100;$i++) 
{ 

echo "$customerNarries[$i ]<br>" ; 

} 



The output displays a Web page with a list of all the customer names, one on 
each line. In this case, you know that you have 100 customer names, but sup- 
pose that you don't know how many customers are in this list. You can ask 
PHP how many values are in the array and use that value in your for loop. 
For example, you can use the following statements: 













for ($i=0;$i<sizeof ($cust 
{ 

echo " $customerNames [ $ 

) 


omerNames ) 
i]<br>" ; 


;$i++) 













Advanced /or loops 



The structure of a for loop is quite flexible and allows you to build loops for almost any purpose. 
A for loop has this general format: 

for ( beginning statements; 

conditional statements; 
ending statements) 

I 

block of statements; 

1 

Where 

(-«' The beginning statements execute once at the start of the loop. 

The conditional statements are tested for each iteration of the loop. 
1^ The ending statements execute once at the end of the loop. 
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^^^rjeltjjBl^^^d. separated by commas. Any section can be empty. 

The following loop has statements in all three sections: 

for ($i=0,$j=l;$t<=4;$i++,$j++) 
{ 

$t = $i + $j ; 
echo "$t<br>"; 

) 

The output of these statements is 

1 
3 
5 

The loop is executed in the following order: 

1. The beginning section containing two statements is executed; $i is set to 0, and $j is set 
to 1. 

2. The conditional section containing one statement is evaluated. Is $t less than or equal to 4? 
Yes, so the statement is true. The loop continues to execute. 

3. The statements in the statement block are executed. $t becomes equal to $i plus $j, which 
is 0 + 1, which equal 1. Then $t is echoed to give the output 1. 

4. The ending section containing two statements is executed — $i++ and $ One is added 
to $i so it equals 1, and 1 is added to $ j so that it now equals 2. 

5. The conditional section is evaluated. Is $t less than or equal to 4? Because $t is equal to 1 at 
this point, the statement is true. The loop continues to execute. 

6. The statements in the statement block are executed. $t becomes equal to $i plus $j, which 
is 1 + 2, which equal 3. Then $t is echoed to give the output 3. 

7. The ending section containing two statements is executed — $i++ and $ One is added 
to $i so it equals 2, and 1 is added to $ j so that it equals 3. 

8. The conditional section is evaluated. Is $t less than or equal to 4? Because $t now equals 3, 
the statement is true. The loop continues to execute. 

9. The statements in the statement block are executed. $t becomes equal to $i plus $j, which 
is 2 + 3, which equal 5. Then $t is echoed to give the output 5. 

10. The ending section containing two statements is executed — $i++ and $ One is added 
to $i so it equals 3, and one is added to $j so that it equals 4. 

11. The conditional section is evaluated. Is $t less than or equal to 4? Because $t now equals 5, 
the statement is not true. The loop does not continue to execute. The loop ends, and the pro- 
gram continues to the next statement after the end of the loop. 
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Notice that the ending value is si zeof ( $customerNames ). This statement 
finds out the number of values in the array and uses that number That way, 
repeats exactly the number of times that there are values in the 



The first value in an array with a numbered index is 0 unless you deliberately 
set it to a different number One common mistake when working with arrays 
is to think of the first number as 1 rather than 0. 



Usin0 u/fiite loops 

Awhile loop continues repeating as long as certain conditions are true. The 
loop works as follows; 

1. You set up a condition. 

2. The condition is tested at the top of each loop. 

3. If the condition is true, the loop repeats. If the condition is not true, the 
loop stops. 

The general format of a while loop is 

while ( condition ) 
I 

block of statements 

} 

A condition is any expression that can be found to be true or false. Comparisons, 
such as the following, are often used as conditions. (For detailed information 
on using comparisons, see Chapter 6.) 

$test <= 10 

$testl == $test2 

$a == "yes" and $b != "yes" 

$name != "Smith" 



As long as the condition is found to be true, the loop will repeat. When the 
condition tests false, the loop will stop. The following statements set up a 
while loop that looks through an array for a customer named Smith: 

Scustomers = array( "Huang", "Smith", "Jones" ); 
$testvar = "no" ; 
$k = 0; 

while ( $testvar != "yes" ) 
{ 

if ( $customers [$k] == "Smith" ) 
I 
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testvar = "yes" 
echo "Srriith<br>" 



echo "$custorriers[$k] , not Smi th<br>" ; 

1 

$!<++; 

) 

These statements display the following on a Web page: 

Huang, not Smith 
Smi th 

The program executes the previous statements as follows: 

1. Sets the variables before starting the loop: Scustomers (an array with 
three values), $testvar (a test variable set to "no"), and $k (a counter 
variable set to 0). 

2. Starts the loop by testing whether $ testvar != "yes" is true. Because 
$testvar was set to "no", the statement is true, so the loop continues. 

3. Tests the i f statement. Is $ customers [$k] == "Smith" true? At 
this point, $ k is 0 , so the program checks $customers[0]. Because 
$customers[0] is "Huang", the statement is not true. The statements 
in the i f block are not executed, so the program skips to the else 
statement. g 

4. Executes the statement in the else block. The else block outputs the 
line "Huang, not Smi th ". This is the first line of the output. 

5. Adds one to $ k, which now becomes equal to 1. 

6. Reaches the bottom of the loop. 

7. Goes to the top of the loop. 

8. Tests the condition again. Is Stestvar != "yes" true? Because 
$testvar has not been changed and is still set to "no", it is true, 
so the loop continues. 

9. Tests the i f statement. Is $customers [ $k] == "Smith" true? At 
this point, $k is 1, so the program checks $customers [1 ]. Because 
$customers [ 1 ] is " Smi th", the statement is true. So the loop enters 
the i f block. 

10. Executes the statements in the i f block. Sets $testva r to "yes ". 
Outputs "Smith". This is the second line of the output. 

11. Adds one to $ k which now becomes equal to 2. 
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12. Reaches the bottom of the loop. 
Goes to the top of the loop. 



s the condition again. Is $ test va r != "yes" true? Because 
s t V a r has been changed and is now set to " y e s " , it is not true. 
The loop stops. 

It's possible to write awhile loop that is infinite — that is, a loop that loops 
forever. You can easily, without intending to, write a loop in which the condi- 
tion is always true. If the condition never becomes false, the loop never ends. 
For a discussion of infinite loops, see the section "Infinite loops," later in this 
chapter. 



Usin0 da^u^hite loops 

do . .while loops are very similar to while loops. Ado. .while loop contin- 
ues repeating as long as certain conditions are true. You set up a condition. 
The condition is tested at the bottom of each loop. If the condition is true, 
the loop repeats. When the condition is not true, the loop stops. 

The general format for a do . . wh i 1 e loop is 

do 
I 

block of statements 
) while ( condition ); 

The following statements set up a loop that looks for the customer named 
Smi th. This program does the same thing as a program in the preceding sec- 
tion using awhile loop: 

Scustomers = array( "Huang", "Smith", "Jones" ); 
$testvar = "no" ; 
$k = 0; 

do 
{ 

if ( $customers [$k] == "Smith" ) 
I 

$testvar = "yes" ; 
echo "Smith<br>" ; 

1 

el se 
I 

echo "$customers[$k] , not Smith<br>"; 

) 

$k++; 

) while ( $testvar != "yes" ); 
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The output of these statements in a browser is 

not Smith 



This is the same output shown for the while loop example. The difference 
between awhile loop and ado. .while loop is where the condition is 
checked. In a wh i 1 e loop, the condition is checked at the top of the loop. 
Therefore, the loop will never execute if the condition is never true. In the 
do . . wh i 1 e loop, the condition is checked at the bottom of the loop. 
Therefore, the loop always executes at least once even if the condition is 
never true. 



For instance, in the preceding loop that checks for the name Smi th, suppose 
the original condition is set to yes, instead of no, by using this statement: 



$testvar = "yes" ; 



The condition would test false from the beginning. It would never be true. In a 
while loop, there would be no output. The statement block would never run. 
However, in a do . .while loop, the statement block would run once before 
the condition was tested. Thus, the while loop would produce no output, but 
the do . .while loop would produce the following output: 



Huang, not Smith 



The do . .while loop produces one line of output before the condition is 
tested. It does not produce the second line of output because the condition 
tests false. 



Infinite (oops 

You can easily set up loops so that they never stop. These are infinite loops. 
They repeat forever. However, seldom does anyone create an infinite loop 
intentionally. It is usually a mistake in the programming. For instance, a slight 
change to the program that sets up a wh i 1 e loop can make it into an infinite 
loop. 



Here is the program shown in the section, "Using while loops," earlier in this 
chapter: 



$customers = array ( 


"Huang", "Smith", "Jones" ); 


$testvar = "no" ; 




$k = 0; 




while ( $testvar != 


"yes" ) 


1 

if ($customers[$k] 


== "Smith" ) 


{ 
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$testvar = "yes" ; 
echo "Srriith<br>" ; 



echo "$custorTiers[$k] , not SrTiith<br>" 

I 

;i<++; 



Here is the program with a slight change: 

Scustomers = array ( 
Stestvar = "no" ; 
while ( Stestvar != 
I 

$k = 0; 

if ( Scustomers [$k] 

$testvar = "yes" 
echo "Sniith<br>" 

el se 

echo "$customers[$k] , not Sniith<br>"; 
$k++; 

) 



Huang , Smith , Jones ); 
"yes" ) 



"Smith" ) 



The small change is moving the statement $ k = 0 ; from outside the loop to 
inside the loop. This small change makes it into an endless loop. The output 
of this changed program is 



Huang, not Smith 

Huang, not Smith 

Huang, not Smith 

Huang, not Smith 



This will repeat forever. Every time the loop runs, it resets $ k to 0. Then it 
gets $customers[0] and echoes it. At the end of the loop, $k is incremented 
to 1. However, when the loop starts again, $ k is set back to 0. Consequently, 
only the first value in the array, Huang, is ever read. The loop never gets to 
the name Smi th, and $testvar is never set to "yes". The loop is endless. 

Don't be embarrassed if you write an infinite loop. 1 guarantee that the best 
programming guru in the world has written many infinite loops. It's not a big 
deal. If you are testing a program and get output in your Web page repeating 
endlessly, it will stop by itself in a short time. The default time is 30 seconds, 
but the timeout period may have been changed by the PHP administrator 
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You can also click the Stop button on your browser to stop the display in 
your browser Then figure out why the loop is repeating endlessly and fix it. 



n mistake that can result in an infinite loop is using a single equal 
sign (=) when you mean double equal signs (==). The single equal sign stores 
a value in a variable; the double equal signs test whether two values are 
equal. If you write the following condition with a single equal sign: 



while ($testvar 



"yes" ) 



it is always true. The condition simply sets $testvar equal to "yes". This is 
not a question that can be false. What you probably meant to write is this: 



while ($testvar 



'yes" ) 



This is a question asking whether $testvar is equal to "yes", which can be 
answered either true or false. 



^^^^^ 




You can bulletproof your programs against this particular error by changing 
the condition to "yes" == $testvar. It's less logical to read but protects 
against the single-equals-sign problem. If you use a single equal sign instead 
of a double equal sign in this condition, you get an error, and your program 
fails to run. 



Another common mistake is to leave out the statement that increments the 
counter For instance, in the program earlier in this section, if you leave out 
the statement $ k++ ; , $ k is always 0, and the result is an infinite loop. 



Breaking out of a toop 

Sometimes you want your program to break out of a loop. PHP provides two 
statements for this purpose: 

break: Breaks completely out of a loop and continues with the program 
statements after the loop. 

continue: Skips to the end of the loop where the condition is tested. If 
the condition tests positive, the program continues from the top of the 
loop. 

break and continue are usually used in a conditional statement, b r e a k , in 
particular, is used most often in switch statements, as 1 discuss earlier in the 
chapter. 

The following two sets of statements show the difference between conti nue 
and break. The first statements use the break statement. 
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$counter = 0; 

ile ( $counter < 5 ) 



ter++; 

$counter == 3 ) 



echo "break<br>"; 
break ; 

) 

echo "End of while loop: counter=$counter<br>" 

) 

echo "After the break loop<p>"; 
The following statements use the conti nue statement: 



$counter = 0; 




while ( Scounter < 5 ) 




f , 

$counter++; ■ 




If ( $counter == 3 ) 1 
{ P 




echo "continue<br>" ; 




conti nue ; 




1 

echo "End of while loop: counter=$counter<br>" ; 




1 

echo "After the continue loop<br>"; 





These statements build two loops that are the same except that the first one 
uses brea k, and the second one uses conti nue. The output from these first 
statements that use the break statement displays in your browser as follows: 



End of while loop: counter=l 
End of while loop: counter=2 
break 

After the break loop 



The output from the second group of statements with the conti nue state- 
ment is as follows: 



End of while loop: counter=l 

End of while loop: counter=2 
conti nue 

End of while loop: counter=4 

End of while loop: counter=5 

After the continue loop 



The first loop ends at the brea k statement. It stops looping and jumps imme- 
diately to the statement after the loop. The second loop does not end at the 
conti nue statement. It just stops the third repeat of the loop and jumps back 
up to the top of the loop. It then finishes the loop, with the fourth and fifth 
repeats, before it goes to the statement after the loop. 
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One use for break statements is insurance against infinite loops. The follow- 
ing statements inside a loop can stop it at a reasonable point: 



ii nf i ni ty++ ; 
est4infinity > 100 ) 



break ; 

} 



If you're sure that your loop should never repeat more than 100 times, these 
statements will stop the loop if it becomes endless. Use whatever number 
seems reasonable for the loop that you're building. 



Usin^ Functions 

Applications often perform the same task at different points in the program 
or in different programs. For instance, your application might display the 
company logo on several different Web pages or in different parts of the pro- 
gram. Suppose that you use the following statements to display the company 
logo: 



echo '<hr width="50" al i gn="l ef t" > ' , " \n" ; 
echo '<img src=" /images/1 ogo . jpg" width="50" 

height="50"><br>' , "\n" ; 
echo '<hr width="50" al i gn=" 1 ef t" ><br> ' , " \n" ; 



You can create a function that contains the preceding statements and name it 
di spl ay_l ogo. Then whenever the program needs to display the logo, you 
can just call the function that contains the statements with a simple function 
call, as follows: 

di spl ay_l ogo ( ) ; 




Notice the parentheses after the function name. These are required in a func- 
tion call because they tell PHP that this is a function. 



Using a function offers several advantages: 

1^ Less typing: You only have to type the statements once — in the func- 
tion. Forever after, you just use the function call and never have to type 
the statements again. 

1^ Easier to read: The line di spl ay_l ogo ( ) is much easier for a person to 
understand at a glance. 

Fewer errors: After you have written your function and fixed all its prob- 
lems, it runs correctly wherever you use it. 
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IW Easier to change: If you decide to change how the task is performed, 
you only need to change it in one place. You just change the function 



I 



,ead of finding a hundred different places in your program where you 
rmed the task and changing the code a hundred times. For 
instance, suppose that you changed the name of the graphics file that 
holds the company logo. You just change the filename in one place, the 
function, and it works correctly everywhere. 



You can create a function by putting the code into a function block. The gen- 
eral format is 

function fundi onnamei) 
I 

block of statements; 
return ; 



For instance, you create the function to display the company logo with the 
following statements: 

function di spl ay_l ogo( ) 
{ 

echo '<hr width = "50" al i gn = "l eft"> ' , "\n" ; 
echo '<irrig src=" /images/1 ogo . j pg" width = "50" 

height="50"><br>' , "\n" ; 
echo '<hr width="50" al i gn=" 1 ef t"><br> ' , " \n" ; 
return ; 



The return statement stops the function and returns to the main program. 
The return statement at the end of the function is not required, but it makes 
the function easier to understand. The return statement is often used for a 
conditional end to a function. 



Suppose that your function displays an electronics catalog. You might use the 
following statement at the beginning of the function: 



if ( $age < 13 ) 
return ; 



If the customer's age is less than 13, the function stops, and the electronics 
catalog isn't displayed. 

You can put functions anywhere in the program, but the usual practice is to 
put all the functions together at the beginning or the end of the program file. 
Functions that you plan to use in more than one program can be in a separate 
file. Each program accesses the functions from the external file. For more on 
organizing applications into files and accessing separate files, check out 
Chapter 10. 
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Notice that the sample function is quite simple. It doesn't use variables, and 
it doesn't share any information with the main program. It just performs an 
ent task when called. You can use variables in functions and pass 
fon between the function and the main program as long as you know 
the rules and limitations. The remaining sections in this chapter explain how 
to use variables and pass values. 



Usin^ i/ariabtes in functions 

You can create and use variables that are local to the function. That is, you 
can create and use a variable inside your function. However, the variable is 
not available outside of the function; it's not available to the main program. 
You can make the variable available by using a special statement called 
global that makes a variable available at any location in the program. For 
instance, the following function creates a variable: 

function f orrTiat_nanie ( ) 
{ 

$f i rst_narTie = "Goliath"; 
$last_narrie = "Smith"; 
Sname = $1 ast_name . " , ".$first 

) 

f ormat_narTie( ) ; 
echo " Sname" ; 

These statements produce no output. In the echo statement, $name doesn't 
contain any value. The variable Sname was created inside the function, so it 
doesn't exist outside the function. 

You can create a variable inside a function that does exist outside the func- 
tion by using the global statement. The following statements contain the 
same function with a gl oba 1 statement added: 

function f orrnat_narrie ( ) 
{ 

$first_nanie = "Goliath"; 
$1 astjame = "Smi th" ; 
global Sname; 

Sname = $1 ast_narrie . " , " . $f i rst_name ; 

) 

f orrriat_narrie( ) ; 
echo " $narrie" ; 

The program now echoes this: 

Smith, Goliath 



4 

name ; 
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The global statement makes the variable available at any location in the pro- 
gram. You must make the variable global before you can use it. If the gl obal 
t^Tjs^it follows the $name assignment statement, the program does not 
ny output. 



The same rules apply when you're using a variable that was created in the 
main program. You can't use a variable in a function that was created outside 
the function unless the variable is global, as shown in the following statements: 

$first_nanie = "Goliath"; 
$last_name = "Smith"; 
function f orniat_nanie ( ) 
I 

global $first_name, $last_narne; 
$name = $1 ast_narrie . " , " . $f i rst_narrie ; 
echo "Sname"; 

1 

f orniat_nanie( ) ; 

If you don't use the global statement, $1 ast_name and $f i rst_nanie inside 
the function are different variables, created when you name them. They 
have no values. The program would produce no output without the global 
statement. 



Passing (/atues between a function 
and the main program 

You can pass values into the function and receive values from the function. 
For instance, you might write a function to add the correct sales tax to an 
order. The function would need to know the cost of the order and which state 
the customer resides in. The function would need to send back the amount of 
the sales tax. 

Passing </atues to a function 

You can pass values to a function by putting the values between the paren- 
theses when you call the function, as follows: 

fundi onnamei value, value, . . .) ; 



Of course, the variables can't just show up. The function must be expecting 
them. The function statement includes variable names for the values that 
it's expecting, as follows: 



f uncti on fundi onnamei $ varnamel , $ varnameZ, . . 


. . ) 


{ 

statements 




return ; 

1 
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For example, the following f uncti on computes the sales tax: 

on corTipute_sal estax($arriount,$custState) 
ch ( $custState ) 



case "OR" : 

$sal estaxrate = 0; 

break; 
case "CA " : 

$sal estaxrate = 1.0; 

break ; 
def aul t : 

$sal estaxrate = .5; 

break ; 

1 

$salestax = Samount * $sal estaxrate ; 
echo " $sal estax<br>" ; 

$cost = 2000.00; ' 

$custState = "CA" ; 

compute_sal estax( $cost ,$custState); 



The first line shows that the function expects two values, as follows: 



function compute 


_sal estax( $amount , $ 


custState ) 





The last line is the function call, which passes two values to the function 
corripute_sal estax, as it expects. The amount of the order and the state in 
which the customer resides are passed. The output from this program is 
2000 because the tax rate for California is 100 percent. 



You can pass as many values as you need to. Values can be variables or 
values, including values that are computed. The following function calls are 
valid: 



corripute_sal estax (2000, "CA" ) ; 
corripute_sal estax (2*1 000, "" ) ; 
corripute_salestax(2000, "C" . "A" ) ; 



Values can be passed in an array. The function receives the variable as an 
array. For instance, the following statements pass an array: 



$arrayof numbers = array( 100, 200); 
addn umbers (Sarrayofn umbers); 



The function receives the entire array. For instance, suppose the function 
starts with the following statement: 



function addnumbers ( $numbers ) 
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$nurribers[0] + $nurribers[l] ; 



The values passed are passed by position. That is, the first value in the list 
that you pass is used as the first value in the list that the function expects, 
the second is used for the second, and so forth. If your values aren't in the 
same order, the function uses the wrong value when performing the task. For 
instance, for conipute_sal estax, you might call compute_sal estax passing 
values in the wrong order as follows: 



conipute_sal estax ( ScustSt ate ,$orderCost); 



The function uses the state as the cost of the order, which it sets to 0 
because the value passed is a string. It sets the state to the number in 
$orderCost, which would not match any of its categories. The output would 
be 0. 



If you do not send enough values, the function sets the missing value to an 
empty string for a string variable or to 0 for a number If you send too many 
values, the function ignores the extra values. 

If you pass the wrong number of values to a function, you might get a warning 
message, as follows, depending on the error message level that PHP is set to. 

Warning: Missing argument 2 for conipute_sal estax( ) in /test7.php on line 5 

For the lowdown on warning messages, check out Chapter 6. 

You can set default values to be used when a value isn't passed. The defaults 
are set when you write the function by assigning a default value for the 
value(s) that it is expecting, as follows: 

f uncti on a dd_2_n umbers ( $numl = l , $num2=l ) 
{ 

$total = Snuml + $nurri2; 
return $total ; 

} 



If one or both values are not passed, the function uses the assigned defaults. 
But if a value is passed, it is used instead of the default. For example, you 
could use one of the following calls: 



add_2_nurribers(2,2) ; 
add_2_nurribers ( 2 ) ; 
add_2_nurribers ( ) ; 



The results are, in consecutive order: 
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Getting a Oatue from a {unction 

When you call a function, you can pass values as described above. The func- 
tion can also pass a value back to the program that called it. Use the return 
statement, to pass a value back to the calling program. The program can 
store the value in a variable or use the value directly, such as using it in a 
conditional statement. The return statement also returns control to the 
main program; that is, it stops the function. 



The general format of the return statement is 



return value; 




For instance, in the tcix program from the preceding section, 1 echo the sales 
tax by using the following statements: 


$salestax = Samount * $sal estaxrate 
echo "$sal estax<br>" ; 






1 could return the sales tax to the main program, rather than echoing it, by 


using the following statement: 








$sal estax = $amo 
return $salestax 


unt * $sal 


estaxrate 






In fact, 1 could use a shortcut and 
statement: 


1 send it back to the main program with one 


return $amount * 


$sal estaxrate ; 







The return statement sends the sal estax back to the main program and 
ends the function. The main program can use the value in any of the usual 
ways. The following statements use the function call in valid ways: 



Ssalestax = cornpute_sal estaxC $cost , $custState ) ; 

$totalcost = $cost + cornpute_sal estax( $cost , $custState ) ; 

if ( cornpute_salestax($cost,$custState) > 100000.00 ) 
$echo "Thank you very, very, very much<br>"; 

f oreach ( ScustomerOrder as Samount) 
{ 

$total = Samount + corripute_sal estax( Samount , $custState ) ; 
echo "Your total is $total<br>"; 

} 
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A return statement can return only one value. However, the value returned 
can be an array, so you can actually return many values from a function. 



se return statements in a conditional statement to return different 
values for different conditions. For example, the following function returns 
one of two different strings: 

f uncti on corripare_val ues($valuel,$value2) 
I 

if($valuel < $value2) 
return "less than" ; 
;1 se 

return "not less than"; 

} 

Although the function contains two return statements, only one is going to be 
executed, depending on the values in $val uel and $val ue2. 



Usin0 bmtuin functions 

PHP's many built-in functions are one reason why PHP is so powerful and 
useful for Web pages. The functions included with PHP are normal functions. 
They are no different than functions that you create yourself. It's just that 
PHP has already done all the work for you. 

1 discuss some of the built-in functions in this chapter and the earlier chap- 
ters. For example, see Chapter 6 for more on the functions unset and 
nurriber_f ormat. Some very useful functions for interacting with your MySQL 
database are discussed in Chapter 8. Other useful functions are listed in 
Part V of this book. And, of course, all the functions are listed and described 
in the PHP documentation on the PHP Web site at www . php .net/docs . php. 
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In This Chapter 

^ Connecting to the database 

► Getting information from tfie database 
^ Using HTML forms with PHP 

► Getting data from an HTML form 

^ Processing the i nformation that users type into HTML forms 

► Storing data in the database 

^ Using functions to move data in and out of the database 



M^HP and MySQL work very well together. This dynamic partnership is 
W what makes PHP and MySQL so attractive for Web database application 
development. Whether you have a database full of information that you want 
to make available to users (such as a product catalog) or a database waiting 
to be filled up by users (for example, a membership database), PHP and 
MySQL work together to implement your application. 

One of PHP's strongest features is its ability to interact with databases. It pro- 
vides functions that make communicating with MySQL extremely simple. You 
use PHP functions to send SQL queries to the database. You don't need to 
know the details of communicating with MySQL; PHP handles the details. You 
only need to know the SQL queries and how to use the PHP functions. 

In previous chapters of this book, 1 describe the tools that you use to build 
your Web database application. You find out how to build SQL queries in 
Chapter 4 and how to construct and use the building blocks of the PHP lan- 
guage in Chapters 6 and 7. In this chapter, you find out how to use these tools 
for the specific tasks that a Web database application needs to perform. 



You use built-in PHP functions to interact with MySQL. These functions con- 
nect to the MySQL server, select the correct database, send SQL queries, and 
perform other communication with MySQL databases. You don't need to 




PHP/MifSQL functions 
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know the details of interacting witfi tfie database because PHP handles all the 
details. You only need to know how to use the functions. 



sent time, PHP (beginning with version 5) has two sets of functions 
for interacting with MySQL. One set of functions is used to interact with 
MySQL version 4.0 or earlier. The other set of functions is used to interact 
with MySQL version 4. 1 or later. 

Throughout the book, my examples and programs show the functions that 
work with MySQL version 4.0. At the time of this writing, the current stable 
version of MySQL is version 4.0. In addition, the PHP functions for use with 
MySQL version 4.1 are described in the documentation on the PHP Web site 
as experimental, with a warning: Use this extension at your own risk. At the 
present time, MySQL version 4.1 is available only as alpha software, defined 
in the MySQL manual as follows: The release contains some large section of 
new code that hasn't been 100% tested. Therefore, 1 am writing this book based 
on the use of MySQL 4.0 and the PHP functions that work with this version. 

The PHP functions for use with MySQL 4.0 have the following general format: 



rriysql_fu/ict 7 on( val ue,value,...); 



The second part of the function name is specific to the function, usually a 
word that describes what the function does. In addition, the function requires 
one or more values to be passed, specifying things such as the database con- 
nection, the data location, and so on. The following are two of the functions 
that are discussed in this chapter: 



rriysql_connect($connect); 

rriysql_query ( "SQL statement" ,$connect) ; 



By the time you read this book, MySQL 4.1 might be the current stable ver- 
sion of MySQL. If so, you can use MySQL 4.1 and the functions that work with 
it. As of this writing, the functions discussed in this book are the same for 
MySQL 4.0 and MySQL 4.1 except for a change in name. The names of the 
functions for use with MySQL 4.1 begin with my s q 1 i _ rather than my s q 1 
Thus, the functions shown above would have the following names if used 
with MySQL 4.1: 



mysqli_connect($connect) ; 

mysql i_query ( Sconnect , "SQL statement" ) ; 



The functionality and syntax of the functions are the same or very similar. For 
instance, notice the difference between the two following functions: 



mysql_query ( $sql ,$connect) 
mysql i_query($connect,$sql ) 



Notice that the order of the items passed is different. This is true for several 
functions. 
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This discussion refers to the mysqli functions as they are now. The mysql i 
functions can change, of course. If one of the mysql i functions doesn't seem 
s it should, check the manual for any possible differences in usage. 



The i added to the name stands for improved; this set of MySQL functions is 
provided by the improved MySQL extension. At this time, support for mysql i 
is not included with PHP by default. It must be enabled when PHP is installed. 
However, by the time MySQL 4.1 is the stable release, it's likely that mysql i 
will be part of PHP without your needing to enable it specifically. To see the 
current status of mysql i , check the documentation at www .php. net/manual/ 
en/ref .mysql i . php. 

As of this writing, you can use this installation option to enable mysqli: 

--with-mysql i=DIR 

D I R is the path to the directory where a program called mysql _config, 
which was installed when MySQL 4.1 was installed, is located. 



Making a Connection 

Before you can store or get any data, you must connect to the database. The 
database might be on the same computer with your PHP programs or on a 
different computer You don't need to know the details of connecting to the 
database because PHP handles all the details. All you need to know is the 
name and location of the database. Think of a database connection in the 
same way that you'd think of a telephone connection. You don't need to know 
how your words move between telephones. You only need to know the area 
code and phone number The phone company handles the details. 

After connecting to the database, you send SQL queries to the MySQL data- 
base by using a PHP function designed specifically for this purpose. You can 
send as many queries as you need. The connection remains open until you 
specifically close it or the program ends. Similarly, in a telephone conversa- 
tion, the connection stays open until you terminate it by hanging up. 



Connecting to the Mt^SQL seri/er 

The first step in communicating with your MySQL database is connecting to 
the MySQL server To connect to the server, you need to know the name of 
the computer where the database is located, the name of your MySQL 
account, and the password to your MySQL account. To open the connection, 
use the mysql_connect function as follows: 

$connecti on=mysql_connect( "addr", "mysql acctname" , "password") 
or di e ( "message" ) ; 
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You use the mysql functions of the PHP language, such asrnysql_connect and rnysql_query, 
to interactwith the MySQL database. If one ofthese functions falls to execute correctly, a MySQL 
error message is returned with information about the problem. However, this error message isn't 
sent to the browser unless the program deliberately sends it. Here are the three usual ways to call 
the mysql functions: 

Calling the function without error handling. The function is called without any statements that 
provide error messages. For instance, the rriysql_connect function can be called asfollows: 

$connection = mysql_connect ( $host , 5user , ^password ) ; 

If this statement fails (for instance, the account is not valid), the connection is not made, but the 
remaining statements in the program continue to execute. In most cases, this isn't useful 
because some of the statements in the rest of the program might depend on having an open 
connection, such as getting or storing data in the database. 

1^ Calling the function with a di e statement. The function is called with a di e statement that 
sends a message to the browser For instance, the mysql _connect function can be called 
asfollows: 

$connection = mysql_connect ( $host , $user , Spassword ) 
or die ("Couldn't connect to server"); 

If this statement fails, the connection is not made, and the di e statement is executed. The di e 
statement stops the program and sendsthe message to the browser. Ifthe connection can't be 
established, no more statements are executed. You can put any message that you want in the 
di e statement. 

Calling the function in an i f statement. The function is called by using an i f statement that 
executes a block of statements ifthe connection fails. For instance, the mysql _connect 
function can be called asfollows: 

if ( ! Sconnecti on = mysql_connect($host,$user, Spassword) ) 
I 

Smessage = mysql_error( ) ; 
echo "$message<br>" ; 
die( ) ; 



If this statement fails, the statements in the i f block are executed. The mysql_error func- 
tion returns the MySQL error message and saves it in the variable $message. The error mes- 
sage is then echoed. The di e statement ends the program so that no more statements are 
executed. Notice the ! (exclamation point) in the i f statement. ! means "not". In other 
words, the i f statement is true ifthe assignment statement is not true. 

What error handling you want to include in your program depends on what you expect to happen 
in the program. When you're developing the program, you expect some errors to happen. Therefore, 
during development, you probably want error handling that is more descriptive, such as the third 
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_method in the preceding list. For instance, suppose that you're using an account called root to 
fe and that you make a typo as in the following statements: 



il host" ; 
$user = "rot" ; 
$password = " " ; 

if ( ! $connecti on = rriysql_connect( $host, 5user, ^password) ) 
{ 

Smessage = mysql_error( ) ; 
echo " $message<br>" ; 
dieO; 

) 

Because you typed "rot" instead of "root", you would see an error message similar to the 
following one: 

Access denied for user: ' rot@l ocal host ' (Using password: NO) 

This error message has the information that you need to figure out what the problem is; it shows 
your account name with the typo. However, afteryour program is running and customers are using 
it, you probably don't want your users to see a technical error message like the preceding 
one. Instead, you probably want to use the second method with a general statement in the 
diemessage,suchasThe Pet Catalog is not available at the moment. Please 
try again later. 



Fill in the following information: 

addr: The name of the computer where MySQL is installed — for example, 
databasehost . mycompany .com. If the MySQL database is on the same 
computer as your Web site, you can use localhostas the computer 
name. If this information is blank (" "), PHP assumes 1 ocal host. 

1^ mysql acctname: The name of your MySQL account. (1 discuss MySQL 
accounts in detail in Chapter 5.) You can leave this information blank 
(" ") — meaning that any account can connect — but this is usually a 
bad idea for security reasons. 

1/^ password: The password for your MySQL account. If your MySQL 
account does not require a password, don't type anything between the 
quotes: " ". 

1/^ message: The message that is sent to the browser if the connection fails. 
The connection fails if the computer or network is down or if the MySQL 
server isn't running. It also can fail if the information provided isn't 
correct — for example, if there's a typo in the password. 

You might want to use a descriptive message during development, such 
as Couldn't connect to server, but use a more general message suit- 
able for customers after the application is in use, such as The Pet 

Catalog is not available at the moment. Please try again 
1 ater . 
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The addr includes a port number that is needed for the connection. Almost 
always, the port number is 3306. On rare occasions, the MySQL administrator 
^«efeds>«kset up MySQL to connect on a different port. In these cases, the port 
^j^J'njj^ls required for the connection. The port number is specified as 

hostname : portnumber. For instance, you might use 1 oca 1 host : 8808. 

With these statements, rriysql_connect attempts to open a connection to the 
named computer, using the account name and password provided. If the con- 
nection fails, the program stops running at this point and sends message to 
the browser 

The following statement connects to the MySQL server on the local computer 
by using a MySQL account named catalog that does not require a password: 

$connection = rTiysql_connect ( " 1 ocal host ", "catal og ", " ") 
or die ("Couldn't connect to server."); 

For security reasons, it's a good idea to store the connection information in 
variables and use the variables in the connection statement, as follows: 

$host="l ocal host" ; 
$user="catal og" ; 
$password=" " ; 

$connection = my sq]_connecti $host , $user , Spassword) 
or die ("Couldn't connect to server."); 

In fact, for even more security, you can put the assignment statements for the 
connection information in a separate file in a hidden location so that the 
account name and password aren't even in the program. 1 explain how to do 
this in Chapter 10. 

The variable $connection contains information that identifies the connec- 
tion. You can have more than one connection open at a time by using more 
than one variable name. A connection remains open until you close it or until 
the program ends. You close a connection as follows: 

mysql_cl ose( $connectionname) ; 

For instance, to close the connection in the preceding example, use this 
statement: 

mysql_close($connection) ; 



Selecting the ri^ht database 

After the connection to the MySQL server is established and open, you 
need to tell MySQL which database you want to interact with. Use the 

mysql_sel ect_db function as follows: 
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$db = my sc\]_se'\ect_(ib(" databasename" ,$connecti onname) 
or di e ( "message ") ; 



following information: 
1/^ databasename: The name of the database. 

1/^ connect! onname: The variable that contains the connection informa- 
tion. If you don't enter a connection, PHP uses the last connection that 
was opened. 

1^^ message: The message that is sent to the browser if the database can't 
be selected. The selection might fail because the database can't be 
found, which is usually the result of a typo in the database name. 



For instance, you can select the database PetCata log with the following 
statement: 




$db = rTiysql_sel ect_db( " PetCatal og ", $connecti on ) 
or die ("Couldn't select database."); 




If rTiysql_sel ect_db is unable to select the database, the program stops run- 
ning at this point, and the message Co ul dn ' t select database . is sent to 
the browser 


For security reasons, 
and use the variable 


it's a good idea to store the database name 
n the connection statement, as follows: 


n a variable 


$database = " PetCata 1 og" ; 
$db = mysql_sel ect_db( $da 
or die ("Couldn't s 


tabase , $connecti on ) 
b1 ect database . " ) ; 





In fact, for even more security, you can put the assignment statement for the 
database name in a separate file in a hidden location — as suggested for the 
assignment statements for the connection information — so that the data- 
base name isn't even in the program. I explain how to do this in Chapter 10. 

The database stays selected until you explicitly select a different database. 
To select a different database, just use a new rriysql_sel ect_db function 
statement. 



Sending SQL ((ueries 

After you have an open connection to the MySQL server and PHP knows 
which database you want to interact with, you send your SQL query. The 
query is a request to the MySQL server to store some data, update some data, 
or retrieve some data. (See Chapter 4 for more on the SQL language and how 
to build SQL queries.) 
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To interact with the database, put your SQL query into a variable and send it 
to the MySQL server by using the function my s q 1 _q u e ry , as in the following 



$query = 
$resul t 
or 



"SELECT * FROM Pet"; 
rriysql_query ( $query ) 
die ("Couldn't execute query."); 



The query is executed on the currently selected database for the last connec- 
tion that you opened. If you need to — if you have more than one connection 
open, for instance — you can send the query to a specific database server 
like this: 

Sresult = niysql_query ( $query , $connecti on ) 
or die ("Couldn't execute query."); 

The variable $resul t holds information on the result of executing the query. 
The information depends on whether or not the query gets information 
from the database: 



For queries that don't get any data: The variable $ resul t contains 
information on whether the query executed successfully or not. If it's 
successful, $resul t is set to TRUE; if it's not successful, $resul t is set 
to FALSE. Some queries that don't return data are I NSERT and UPDATE. 

For queries that return data: The variable $resul t contains a result 
identifier that identifies where the returned data is located and not the 
returned data itself. Some queries that do return data are SE LECT and 
SHOW. 



The use of single and double quotes can be a little confusing when assigning 
the query string to $query. You are actually using quotes on two levels: the 
quotes needed to assign the string to $query and the quotes that are part of 
the SQL language query itself. The following rules will help you avoid any 
problems with quotes: 

Use double quotes at the beginning and end of the string. 
Use single quotes before and after variable names. 
Use single quotes before and after any literal values. 

The following are examples of assigning query strings: 



Iquery = "SELECT firstName FROM Member"; 

$query = "SELECT firstName FROM Member WHERE lastName='Sm1th' " ; 
$query = "UPDATE Member SET 1 astName=' $1 ast_name' " ; 

The query string itself does not include a semicolon (;), so don't put a semi- 
colon inside the final quote. The only semicolon is at the very end; this is the 
PHP semicolon that ends the statement. 
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formation from a database is a common task for Web database 
applications. Here are two common uses for information from the database: 

Use the information to conditionally execute statements. For instance, 
you might get the state of residence from the Member Directory and 
send different messages to members who live in different states. 

Display the information in a Web page. For instance, you might want to 
display product information from your database. 

In order to use the database information in a program, you need to put the 
information in variables. Then you can use the variables in conditional state- 
ments, echo statements, or other statements. Getting information from a 
database is a two-step process: 

1. You build a SE LECT query and send the query to the database. When the 
query is executed, the selected data is stored in a temporary location. 

2. You move the data from the temporary location into variables and use it 
in your program. 



Sending a SELECT {(ueri^ 

You usetheSELECT query to get data from the database. SELECT queries 
are written in the SQL language. (I discuss the SELECT query in detail in 
Chapter 4.) 

To get data from the database, build the SE LECT query that you need, storing 
it in a variable, and then send the query to the database. The following 
statements select all the information from the Pet table in the PetCatalog 
database: 

$query = "SELECT * FROM Pet"; 
$result = niysql_query($query ) 

or die ("Couldn't execute query."); 

The my s q 1 _q u e ry function gets the data requested by the SELECT query and 
stores it in a temporary location. You can think of this data as being stored in 
a table, similar to a MySQL table, with the information in rows and columns. 

The function returns a result identifier that contains the information needed 
to find the temporary location where the data is stored. In the preceding 
statements, the result identifier is put into the variable $result.The next 
step after executing the function is to move the data from its temporary loca- 
tion into variables that can be used in the program. 



Part III: PHP 



If the function fails — for instance, if tfie query is incorrect — $ resul t 
contains FALSE. 



DBooks 

Getting and usin^ the data 



You use tfie rriysql_f etch_array function to get tfie data from tfie temporary 
location. The function gets one row of data from the temporary location. The 
temporary data table might contain only one row of data or, more likely, your 
select query resulted in more than one row of data in the temporary data 
table. If you need to fetch more than one row of data from the temporary 
location, you use the my s q 1 _f e t c h_a r r a y function in a loop. 

Getting one roW of data 

To move the data from its temporary location and put it into variables that 
you can use in your program, you use the PHP function rTiysql_f etch_array. 
The general format for the rTiysql_fetch_array function is 

$row = mys(]^ _fet<z\\_hrr?iy {%resuHi denti fi er ,typeof array) ; 

This statement gets one row from the data table in the temporary location 
and puts it in an array variable called $row. Fill in the following information: 



resul ti denti fi er: The variable that points to the temporary location 
of the results. 

typeof array: The type of array that the results are put into. It can be 
one of two types of arrays or both types. Use one of the following values: 

• MYSQL_NUM: An array with a key/value pair for each column in the 
row using numbers as keys. 

• MYSQL_ASSOC: An array with a key/value pair for each column in 
the row using the column names as keys. 

• MYSQL_BOTH: An array with both types of keys. In other words, the 
array has two key/value pairs for each column: one with a number 
as the key and one with the column name as the key. If no array 
type is given in the function call, MYSQL_BOTH is assumed. 



The mysql_fetch_array function gets one row of data from the temporary 
location. In some cases, one row is all you selected. For instance, to check 
the password entered by a user, you only need to get the user's password 
from the database and compare it with the password that the user entered. 
The following statements check a password: 

SuserEntry = "secret"; // password user entered in form 
$query = "SELECT password FROM Member 

WHERE 1 ogi nName= ' gsmi th ' " ; 
$result = mysql_query($query) 
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or die ("Couldn't execute query."); 
"ow = rnysql_fetch_array($result,MYSQL_ASSOC) ; 
K/^userEntry == $row[ ' password ' ] ) 

echo "Login accepted<br>" ; 

statements that display Members Only Web pages 




1 se 



echo "Invalid password<br>" ; 

statements that allow user to try another password 



Note the following points about the preceding statements: 

)^ The SELECT query requests only one field (password) from one row 
(row for gsmi th). 

The mysql_f etch_a rray function returns an array called $row with 
column names as keys. 

)^ The i f statement compares the password that the user typed in 
($ user En try) with the password obtained from the database 
($row['password'])tosee whether they are the same by using two 
equal signs (==). 

If the comparison is true, the passwords match, and the i f block 
(which displays the Members Only Web pages) is executed. 

If the comparison is not true, the user did not enter a password that 
matches the password stored in the database, and the else block is exe- 
cuted. The user sees an error message stating that the password is not 
correct and is returned to the login Web page. 




PHP provides a shortcut that is convenient for using the variables retrieved 
with the mysql_fetch_array function. You can use the extract function, 
which splits the array into variables that have the same name as the key. For 
instance, you can use the extract function to rewrite the previous state- 
ments that test the password. Here's how: 

$userEntry = "secret"; ^password user entered into HTML form 
$query = "SELECT password FROM Member 

WHERE 1 ogi nName= ' gsmi th ' " ; 
Sresult = mysql_query($query ) 

or die ("Couldn't execute query."); 
$row = mysql_fetch_array($result, WKS0/._-4SS0C) ; 
extract( $row) ; 

if ( $userEntry == $password ) 
{ 

echo "Login accepted<br>" ; 

statements that display Members Only Web pages 
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{ 

echo "Invalid password<br>" ; 

atements that allow user to try another password 



Usin^ a hop to ^et a(t the roWs of data 

If you selected more than one row of data, use a loop to get all the rows from 
the temporary location. The loop statements in the loop block get one row of 
data and process it. The loop repeats until all rows have been retrieved. You 
can use awhile loop or a for loop to retrieve this information. (For more on 
whi 1 e loops and for loops, checkout Chapter 7.) 

The most common way to process the information is to use awhile loop as 
follows: 



while ( $row = mysql fetch 
{ 

block of statements 

} 


_array ( $r( 


BSUlt) ) 




This loop repeats until it has fetched the last row. If you just want to echo all 
the data, for example, you would use a loop similar to the following: 


while ( $row = mysql fete 
1 

extractC $row) ; 

echo "SpetType: SpetNai 

) 


h_array ( $r( 
Tie<br>" ; 


5SUl t ) ) 





Now, take a look at an example of how to get information for the Pet Catalog 
application. Assume the Pet Catalog has a table called Pet with four columns: 

petl D, petType, petDescri pti on, and price. Table 8-1 shows a sample set 
of data in the Pet table. 



Table 8-1 




Sample Data in Pet Table 




petName 


petType 


petDescription 


Price 


Unicorn 


Horse 


Spiral horn centered in forehead 


10000 


Pegasus 


Horse 


Flying; wings sprouting from back 


15000 


Pony 


Horse 


Very small; half the size of standard horse 


500 


Asian dragon 


Dragon 


Serpentine body 


30000 


Medieval dragon 


Dragon 


Lizard-like body 


30000 


Lion 


Cat 


Large; maned 


2000 


Gryphon 


Cat 


Lion body; eagle head; wings 


25000 
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The petDi spl ay . php program in Listing 8-1 selects all the horses from the 
Pet table and displays the information in an HTML table in the Web page, 
i^fible $ pet type contains information that a user typed into a form. 

Listing 8-1 : Displays Items from the Pet Catalog 

<?php 

/* Program: petDi spl ay . php 

* Desc: Displays all pets in selected category. 

*/ 
?> 

<html> 

<head><title>Pet Catal og</ti tl e></head> 

<body> 

<?php 

$user="catal og" ; 

$host="l ocal host" ; 

$password=" " ; 

$database = " PetCatal og" ; 

Sconnection = mysql_connect ( $host , $user , $password) 
or die ("couldn't connect to server"); 

$db = rriysql_sel ect_db( $database , $connecti on ) 
or die ("Couldn't select database"); 

Spettype = "horse"; //horse was typed in a form by user 

$query = "SELECT * FROM Pet WHERE petType= ' Spettype ' " ; 

$result = mysql_query($query) 

or die ("Couldn't execute query."); 

/* Display results in a table */ 

$pettype = ucf i rst ( $pettype ) . "s " ; 

echo "<hl>$pettype</hl>" ; 

echo "<table eel 1 spaci ng= ' 15 ' >" ; 

echo "<tr><td col span= ' 3 ' ><hr></td></tr>" ; 

while ($row = mysql_f etch_a rray ( $resul t ) ) 

{ 

extract($row) ; 

$f_price = number_f ormat ( $pri ce , 2 ) ; 
echo "<tr>\n 

<td>$petName</td>\n 
<td>$petDescri ption</td>\n 
<td al i gn= ' ri ght ' >\$$f_pri ce</td>\n 
</tr>\n" ; 

echo "<tr><td col span= ' 3 ' ><h r></td></tr>\n" ; 

1 

echo "</table>\n" ; 

?> 

</body></html> 

Figure 8-1 shows the Web page displayed by the program in Listing 8-1. The 
Web page shows the Pet items for the petType horse, with the display for- 
matted in an HTML table. 
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'3 Pet Catalog - Microsoft Internet Explorer 








File Edit View Favorites Jools Help 


1 ^ Refresh Home ' Search Favorites 


History | 


Mail Print 


Edit ReaLcom 


^OTteW^ll^ttp /.■'lanetval.san.rr.com/PHP&MySQLforDummies/petDescrip.php 






2\ IJUnks" ) » 



Figure 8-1: 

The Web 
page 
resulting 
from pet 
Di spl ay. 
php. 



Horses 



Unicom 


spiral horn centered in forehead 


$10,000,00 






Pegasus 


flying; wings sjiroutingfioinback 


$13,000.00 


Pony 


very small, half the size of standard horse 


$500.00 



& Done 



1*1 



The program in Listing 8-1 uses awhile loop to get all the rows from the 
temporary location. In some cases, you might need to use a for loop. For 
instance, if you need to use a number in your loop, a for loop is more useful 
than awhile loop. 

To use a for loop, you need to know how many rows of data were selected. 
You can find out how many rows are in the temporary storage by using the 
PHP function niysql_num_rows as follows: 

$nrows = rriysql_nurri_rows ( $resul t ) ; 

The variable $n rows contains the number of rows in the temporary storage 
location. By using this number, you can build a for loop to get all the rows, 
as follows: 

for ( $i=0 ; $i <$nrows ; $i++) 
I 

$row = rriysql_fetch_array($result) ) 
block of statements; 



For instance, the program in Listing 8-1 displays the Pet items of the type 
horse. Suppose that you want to number each item. Listing 8-2 shows a pro- 
gram, petDescri pFor .php, which displays a numbered list by using a for 
loop. 
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?2.hj_ 

gram: petDescri pFor . php 

'c: Displays a numbered list of all pets in 
* selected category. 

*/ 
?> 

<html> 

<head><title>Pet Catal og</ti tl e></head> 

<body> 

<?php 

$user="catal og" ; 

$host="l ocal host" ; 

$password=" " ; 

$database = " PetCatal og" ; 

$connection = mysql_connect ( $host , $user , Spassword ) 

or die ("couldn't connect to server"); 
$db = niysql_sel ect_db( $database , $connecti on ) 

or die ("Couldn't select database"); 
$pettype = "horse"; //horse was typed in a form by user 
Squery = "SELECT * FROM Pet WHERE petType= ' $pettype ' " ; 
$result = mysql_query( Squery ) 

or die ("Couldn't execute query."); 
Snrows = mysql_num_rows($result) ; 

/* Display results in a table */ 

echo "<hl>Horses</hl>" ; 

echo "<table eel 1 spaci ng= ' 15 ' >" ; 

echo "<tr><td col span= ' 4 ' ><hr></td></tr>" ; 

for ( $i=0 ; $i <$nrows ; $i++) 

{ 

$n = $i + 1; #add 1 so that numbers don't start with 0 
$row = mysql_fetch_array($result) ; 
extract($row) ; 

$f_price = number_f ormat ( $pri ce , 2 ) ; 
echo "<tr>\n 

<td>$n.</td>\n 

<td>$petName</td>\n 

<td>$ petDescri ption</td>\n 

<td align='right' >\$$f_pri ce</td>\n 

</tr>\n" ; 

echo "<tr><td col span= ' 4 ' ><hr></td></tr>\n" ; 

1 

echo "</table>\n" ; 

?> 

</body></html> 

Figure 8-2 shows the Web page that results from using the for loop in this 
program. Notice that a number appears before the listing for each Pet item 
on this Web page. 
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Figure 8-2: 

The Web 
page 
resulting 
from pet 
Descri p 
For.php. 
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3i 



m 



I RealPlayei 



Horses 



1. Umcora 






spiral hom centered in forehead 


$10,000.00 


2. Pegasus 


flying, wings sprouting from back 


$15,000,00 


3. Pony 


very small; half the size of standard horse 


$500.00 



IXsinq functions to 0et data 

In most applications, you get data from tfie database. Often you get tfie data 
in more tfian one location in your program or more tfian one program in your 
application. Functions — blocks of statements that perform certain specified 
tasks — are designed for such situations. (I explain functions in detail in 
Chapter 7.) 

A function to get data from the database can be really useful. Whenever the 
program needs to get data, you call the function. Not only do functions save 
you a lot of typing, but they also make the program easier for you to follow. 

For example, consider a product catalog, such as the Pet Catalog. You will 
need to get information about a specific product many times. You can write 
a function that gets the data and then use that function whenever you need 
data. 



Listing 8-3 for program getdata.php shows how to use a function to get 
data. The function in Listing 8-3 will get the information for any single pet in 
the Pet Catalog. The pet information is put into an array, and the array is 
returned to the main program. The main program can then use the informa- 
tion any way that it wants. In this case, it echoes the pet information to a 
Web page. 
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gram: getdata.php 

'c: Gets data from a database using a function 

*/ 
?> 

<htrril> 

<head><title>Pet Catal og</ti tl e></head> 

<body> 

<?php 

$user="catal og" ; 

$host=" 1 ocal host" ; 

$password=" " ; 

$connection = rriysql_connect ( $host , $user , $password ) 
or die ("Couldn't connect to server"); 



$petInfo = getPetInfo( "Unicorn" ) ; 



//call function 



$f_price = nurnber_f ormat ( $pet Inf o[ ' pri ce ' ] , 2 ) ; 
echo "<p><b>{ $petlnf o[ ' pet Name '])</b><br>\n 

Description: {$petInfo['petDescription'])<br>\n 

Price: \${$petInfo['price'])\n" 

?> 

</body></html> 



<?php 

function getPetlnfoC $petName) 
{ 

$db = mysql_sel ect_db( " PetCatal og" ) 

or die ("Couldn't select database"); 
$query = "SELECT * FROM Pet WHERE petName= ' $petName ' " ; 
Sresult = mysql_query( $query ) 

or die ("Couldn't execute query."); 
return mysql_f etch_array ( $resul t , MYSQL_ASSOC ) ; 

) 

?> 

The Web page displays 
Uni corn 

Description: spiral horn centered in forehead 
Price: $10,000.00 

Notice the following about the program in Listing 8-3: 

11^ The program is easier to read with the function call than it would be if 
all the function statements were in the main program. 
1^ You can connect to the MySQL server once in the main program and 
call the function many times to get data. If the connection were in the 
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function rather than the main program, it would connect every time 
that you called the function. It's more efficient to connect only once, 
ssible. 



u only have one connection, mysql_sel ect_db will use that con- 
nection. If you have more than one connection, you can pass the 
connection and use it in your mysql_sel ect_db function call. If your 
application only uses one database, you can select that database once 
in the main program instead of selecting it in the function. 



1^ The function call sends the string 
tion call will use a variable name. 



U n i c 0 r n " . In most cases, the f unc- 



1^ The program creates the variable $petlnfoto receive the data from the 
function. $petInfo is an array because the information stored in it is an 
array. 



The preceding function is very simple — it returns one row of the results as 
an array. But functions can be more complex. The preceding section provides 
a program to get all the pets of a specified type. The program getPets.php 
in Listing 8-4 uses a function for the same purpose. The function returns a 
multidimensional array with the pet data for all the pets of the specified type. 



Listing 8-4: Displays Numbered List of Pets by Using a Function 

<?php 

/* Program: getPets.php 

* Desc: Displays numbered list of items from a database. 

*/ 
?> 

<html> 

<head><title>Pet Catal og</ti tl e></head> 

<body> 

<?php 

$user="catal og" ; 

$host=" 1 ocal host" ; 

$password=" " ; 

Sconnection = mysql_connect ( $host , $user , Spassword ) 
or die ("couldn't connect to server"); 

Spetlnfo = getPetsOfType( "horse" ) ; //call function 

/* Display results in a table */ 

echo "<hl>Horses</hl>" ; 

echo "<table eel 1 spaci ng= ' 15 ' >" ; 

echo "<tr><td col span= ' 4 ' ><hr></td></tr>" ; 

for ($i=l ; $i<=sizeof (Spetlnfo) ; $i++) 

I 

$f_price = number_f ormat ( $petlnf o[$i ] [ ' pri ce ' ] , 2 ) ; 
echo "<tr>\n 

<td>$i .</td>\n 

<td>{$petInfo[$i][ 'petName'])</td>\n 
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<td>{ $petlnf o[$i ] [ ' petDescri pti on ' ] ) </td>\n 
<td al i gn= ' ri ght ' >\$$f_pri ce</td>\n 
</tr>\n" ; 

ho "<tr><td colspan='4'><hr></td></tr>\n" ; 

echo "</tabl e>\n" ; 
?> 

</body></htrTil> 



<?php 

function get Pets Of Type ( $petType ) 
I 

$db = rriysql_select_db( "PetCatal og" ) 

or die ("Couldn't select database"); 
$query = "SELECT * FROM Pet WHERE petType= ' $petType ' " ; 
$result = niysql_query( $query ) 

or die ("Couldn't execute query."); 

$j = 1; 

while ( $row=mysql_f etch_array ( $resul t , MYSOL_ASSOC ) ) 
{ 

foreach ($row as Scolname => $value) 
{ 

$array[$j ] [$col name] = $value; 

1 

$j++; 

1 

return $array; 

1 

?> 

The program in Listing 8-4 proceeds as follows: 

1. It connects to the MySQL server in the main program. 

2. It calls the function getPetsOfType. It passes "horse" as a character 
string and also sets up$petlnfoto receive the data returned by the 
function. 

3. The function selects the database PetCatal og. 

4. The function sends a query to get all the rows with horse in the 
petlype column. The data is stored in a table in a temporary location. 
The variable $ r e s u 1 1 identifies the location of the temporary table. 

5. It sets up a counter. $ j is a counter that is incremented in each loop. It 
starts at 1 before the loop. 

6. It starts awhile loop. The function attempts to get a row from the tem- 
porary data table and is successful. If there were no rows to get in the 
temporary location, the while loop would end. 
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It starts a f oreach loop. The loop walks through the row, processing 
each field. 
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res values in the array. $petInfo is a multidimensional array. Its 
key is a number, which is set by the counter. Because this is the first 
time through the while loop, the counter — $ j — is now equal to 1. 
All the fields in the row are stored in $petInfo with the column name 
as the key. (I explain multidimensional arrays in detail in Chapter 7.) 

9. It increments the counter. $ j is incremented by 1. 

10. It reaches the end of the while loop. 

1 1. It returns to the top of the while loop. 

12. It repeats Steps 6-11 for every row in the results. 

13. It returns $array to the main program. $array contains all the data for 
all the selected rows. 

14. $ pet Info receives data from the function. All the data is passed. 
Figure 8-3 shows the structure of Spetlnfo after the function has 
finished executing. 





petlnfo [1] 


[petName] 


= Unicorn 










[petDescription] 


= spiral horn centered in forehead 


Figure 8-3: 




[price] 


= 10000 






The 


[2] 


[petName] 


= Pegasus 






structure 




[petDescription] 


= flying: wings sprouting from back 


of the 




[price] 


= 15000 






multidimen- 


[3] 


[petName] 


= Pony 






sional array 




[petDescription] 


= very small; 


naif the size of a standard horse 


$petlnf 0. 




[price] 


= 500 







15. The main program sends Pet Descriptions to the browser in an HTML 
table. The appropriate data is inserted from the Spetinf o array. 

The Web page that results from the program in Listing 8-4 is identical to the 
Web page shown in Figure 8-2, which is produced by a program that does not 
use a function. Functions do not produce different output. Any program that 
you can write by using a function, you can also write without using a func- 
tion. Functions just make programming easier. 



Getting Information from the User 

Many applications are designed to ask questions that users answer by typing 
information. Sometimes the information is stored in a database; sometimes 
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the information is used in conditional statements to deliver an individual Web 
page. Some of the most common apphcation tasks that require users to 



Online ordering: Customers need to select products and enter shipping 
and payment information. 

Registering: Many sites require users to provide some information 
before they receive certain benefits, such as access to special informa- 
tion or downloadable software. 

Logging in: Many sites restrict access to their pages. Users must enter 
an account name and password before they can see the Web pages. 

Viewing selected information: Many sites allow users to specify what 
information they want to see. For instance, an online catalog might allow 
users to type the name of the product or select a product category that 
they want to see. 

You ask questions by displaying HTML forms. The user answers the ques- 
tions by typing information into the form or selecting items from a list. The 
user then clicks a button to submit the form information. When the form is 
submitted, the information in the form is passed to a second, separate pro- 
gram, which processes the information. 

In the next few sections, 1 don't tell you about the HTML required to display 
a form; I assume that you already know HTML. (If you don't know HTML or 
need a refresher, check out HTML 4 For Dummies, 4th Edition, by Ed Tittel 
and Natanya Pitts; Wiley.) What 1 do tell you is how to use PHP to display 
HTML forms and to process the information that users type into the form. 



HTML forms are very important for interactive Web sites. If you are unfamil- 
iar with HTML forms, you need to read the forms section of an HTML book. 
To display a form by using PHP, you can do one of the following: 

1^ Use echo statements to echo the HTML for a form. For example: 




Usin^ HTML forms 



<?php 

echo "<forrri acti on= ' processf orm . php ' 
rTiethod=' POST'>\n 



<input type='text' narrie= ' name ' >\n 

<input type= ' submi t ' val ue= ' Submi t NarTie'>\n 

</f orni>\n " ; 



?> 
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IV Use plain HTML outside tlie PHP sections. For a plain static form, there 
is no reason to include it in a PHP section. For example: 

hp 

statements in PHP section 

<form acti on="processf orm. php" method=" POST"> 
<input type="text" nanie="f ull name"> 
<input type="subrni t" val ue = "Submit Name"> 
</f orm> 
<?php 

statements in PHP section 

?> 

Either of these methods produces the form displayed in Figure 8-4. 
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Figure 8-4: 

A form 
produced 
by HTML 
statements. 



3 test form - Microsoft Internet Explorer 



£ile Edit View Favorites Jools Help 



J j3 ^ 

Stop Refresh Home 



® Si 

Search Favorites Histoiy 



Address |^ hHp://ianetval,san.r(,com/PHP?..MvSiJLforDiimmi _£] ^^^Go j | Links *' ""J? 



Submit Name 



^ Done 



A Internet 



Joe Customer fills in the HTML form. He clicks the submit button. You now 
have the information that you wanted — his name. So where is it? How do 
you get it? 

You get the form information by running a program that receives the 
form information. When the submit button is clicked, PHP automatically 
runs a program. The action parameter in the form tag tells PHP which pro- 
gram to run. For instance, in the preceding program, the parameter 
acti on = processf orm .php tells PHP to run the program processf orm .php 
when the user clicks the submit button. The program processf orm .php can 
display, store, or otherwise use the form data that it receives when the form 
is submitted. 

When the user clicks the submit button, the program specified in the action 
attribute runs, and statements in this program can get the form information 
from PHP built-in arrays and use the information in PHP statements. Table 8-2 
shows the built-in arrays that contain the form information. 
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Table 8-2 


Built-in Arrays Containing Form Information 


l^fT^ Description 


■P _rUo 1 


Contains elements for all the fields contained in a forrn if the 
form uses niethod=" POST". 


$HTTP_POST 


_VARS Same as $ _POST. 


$ _GET 


Contains all the variables passed from a previous page as 
part of the URL. This includes fields passed in a form using 

rnethod = "get". 


$HTTP_GET_ 


VARS Same as $ _GET. 


$_REQUEST 


Contains all the array elements together that are in 

$_POST, $_GET, and $_COOKI E. 



When the form is submitted, the program that runs can get the form informa- 
tion from the appropriate built-in array, as shown in Table 8-2. In these built- 
in arrays, each array index is the name of the input field in the form. For 



instance, if the user typed Goliath Smith in the input field shown in Figure 8-4 
and clicked the submit button, the program processform.php runs and can 
use an array variable in the following format: 













$_POST[ ' ful 1 name 


'] 









Notice that the named typed into the form is available in the $_POST array 
because the form tag specified niethod= ' POST ' . Also, notice that the array 
key is the name given the field in the HTML form with the name attribute 
name = "ful 1 name". 



A program that displays all the fields in a form is a useful program for testing 
a form. You can see what values are passed from the form to be sure that 
your form is formatted properly and sends the field names and values that 
you expect. All the fields in a POST type form are displayed by the program in 
Listing 8-5, named processf orm . php. When the form shown in Figure 8-4 is 
submitted, the following program is run. 



Listing 8-5: A Script That Displays All the Fields from a Form 



<?php 




/* Script name: 


processf orm .php 


* Description: 


Script displays all the information passed 


* 


from a form. 


*/ 




echo "<html> 




<head><ti tl e>Customer Address</ti tl e></head> 


<body>" ; 





(continued) 
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Listing 8-5 (continued) 
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foreach ($_POST as $field => $value) 
'cho "$field = $value<br>"; 



?> 

</body></htrril> 

If the user typed the name Goliath Smith into the form in Figure 8-4, the 
following output is displayed: 

fullname = Goliath Smith 

The output displays only one line because there is only one field in the form 
in Figure 8-4. 

The program in Listing 8-5 is written to process the form information from 
any form that uses the POST method. Suppose that you have a slightly more 
complicated form, such as the program in Listing 8-6 that displays a form 
with several fields. 



Listing 8-6: A Program That Displays an Address Form 

<?php 

/* Program name: displayForm 

* Description: Script displays a form that asks for the 

* customer address. 
*/ 

echo "<html> 

<head><ti tl e>Customer Address</title></head> 
<body>" ; 

Slabels = array( "f i rstName"=>" Fi rst Name:", 
"mi dName" = >"Mi ddl e Name:", 
" 1 astName"=>" Last Name:", 
"street"=>"Street Address:", 
"city"=>"City: " , 
" state"=>" State : " , 
" zi p"=>"Zi pcode : " ) ; 
echo "<p a 1 i gn= ' center ' > 

<b>Please enter your address be! ow . </b><hr>" ; 
echo "<form acti on= ' processf orm . php ' method= ' POST ' > 
<table width='95%' border='0' eel 1 spaci ng= ' 0 ' 
eel 1 paddi ng= ' 2 ' >\n " ; 
foreach($l abel s as $f i el d=>$l abel ) 
{ 

echo "<tr> 

<td align='right'> <B> { $1 abel s[ $f i el d] ) </br></td> 
<td><input type='text' name= ' $f i el d ' size='65' 

maxl ength= ' 65 ' ></td> 
</tr>" ; 
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echo "</table> 

<div al i gn= ' center ' XpXi nput type= ' submi t ' 

val ue= ' Submi t Address') </p></div> 
</f orm)" ; 
?> 

</body></htrTil> 




Notice the following in di spl ay Form . php, as shown in Listing 8-6; 

An array is created that contains the labels that are used in the form. 

The keys are the field names. 

The script processf orm . php is named as the script that runs 
when the form is submitted. The information in the form is sent to 
processf orm .php, which processes the information. 

The form is formatted with an HTML table. Tables are an important 
part of HTML. If you're not familiar with HTML tables, check out HTML 4 
For Dummies, 4th Edition, by Ed Tittel and Natanya Pitts (Wiley). 

1^ The script loops through the $1 abel s array with a f oreach statement. 
The HTML code for a table row is output in each loop. The appropriate 
array values are used in the HTML code. 

For security reasons, always include maxlength — which defines the number 
of characters that users are allowed to type into the field — in your HTML 
statement. Limiting the number of characters helps prevent the bad guys 
from typing malicious code into your form fields. If the information will be 
stored in a database, set maxl ength to the same number as the width of the 
column in the database table. 



When Goliath Smith fills in the form shown in Figure 8-5 (created by the pro- 
gram in Listing 8-6) and submits it, the program processf orm . php runs and 
produces the following output: 



firstName = Goliath 
midName = 
lastName = Smith 
street = 1234 Tall St 
city = Big City 
state = TX 
zip = 88888 



In processf orm . php, all elements of the $_POST built-in array are displayed 
because both of the forms shown in this section used the POST method, as do 
most forms. There are other built-in arrays, as well as the $_POST array, as 
shown in Table 8-2. 
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Figure 8-5: 

A form for 
entering a 
customer's 
address. 



•3 Customer Address - Microsoft Internet Explorer 



File Edit View Favorites Tools Help 



' [i I Search [igj Favoiiles tjHistoiy | Ig-^ # 



t)tlpV/localhost/PH P&MyS Q Lf orD ummies/disptayForm. php 



First Name: 
Middle Name: 
Last Name: 
Street Address: 
City: 
State: 
Zipcode: 



d Done 



Please enter yom* address below. 



Submit Address 



"3 i>Go 



Local intranet 



The same information is available in two sets of arrays. Use the newer arrays 
(names begin with _) because they can be used anywhere, even inside a 
function. (I explain functions and the use of variables inside functions in 
Chapter 7.) These arrays, called superglobals or autoglobals, were introduced 
in PHP 4.1.0. The older arrays, with long names such as $HTTP_POST_VARS, 
must be made global before they can be used in a function, as 1 explain in 
Chapter 7. The older arrays should only be used when you are forced to use 
a version of PHP older than PHP 4.1.0. 



Making forms dt^mmic 

PHP brings new capabilities to HTML forms. Because you can use variables in 
PHP forms, your forms can now be dynamic. Here are the major capabilities 
that PHP brings to forms: 

Using variables to display information in input text fields 
Using variables to build dynamic lists for users to select from 
Using variables to build dynamic lists of radio buttons 
1^ Using variables to build dynamic lists of check boxes 

l^isp(aifing difmmic information in form fietds 

When you display a form on a Web page, you can put information into the 
fields rather than just displaying a blank field. For example, if most of your 
customers live in the United States, you might automatically enter US in the 
country field when you ask customers for their address. If the customer does 
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indeed live in the United States, you've saved the customer some typing. And 
if the customer doesn't live in the U.S., he or she can just replace with the 
Bi^ate country. Also, if the program automatically enters US as the value 
^(d, you know that the information doesn't have any errors in it. 

To display a text field that contains information, you use the following format 
for the input field HTML statements: 
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<input type="text" narne="country" value="US"> 



By using PHP, you can use a variable to display this information with either of 
the following statements: 

<input type="text" name="country" 

value="<?php echo $country ?>"> 
echo "<input type='text' narrie= ' country ' val ue= ' $country ' >" ; 



The first example creates an input field in an HTML section, using a short PHP 
section for the value only. The second example creates an input field by using 
an echo statement inside a PHP section. If you're using a long form with only 
an occasional variable, using the first format is more efficient. If your form 
uses many variables, it's more efficient to use the second format. 




If you have user information stored in a database, you might want to display 
the information from the database in the form fields. For instance, you might 
show the information to the user so that he or she can make any needed 
changes. Or you might display the shipping address for the customer's last 
online order so that he or she doesn't need to retype the address. Listing 8-7 
shows the program di spl ayAddress . php, which displays a form with infor- 
mation from the database. This form is very similar to the form shown in 
Figure 8-5 except that this form has information in it (retrieved from the data- 
base) and the fields in the form in Figure 8-5 are blank. 



Registering long arrays 



A new php . i ni setting introduced in PHP 5 
allows you to prevent the older, long arrays from 
being created automatically by PHP It's very 
unlikely that you will need to use them unless 
you're using some old scripts containing the 
long variables. The following line in php . i ni 
controls this setting: 

regi ster_l ong_arrays = On 

At the current time, this setting is On by default. 
Unless you're running old scripts that need the 



old arrays, you should change the setting to 
Off so that PHP doesn't do this extra work. 

Although the setting is currently On by default, 
that could change. The default setting might 
change to Off in a future version. If you're 
using some old scripts and are getting errors on 
lines containing the long arrays, such as 
$HTTP_GET_VARS, checkyour php . i ni set- 
ting for long arrays. It might be Off, and the 
long arrays needed by the older script are not 
being created at all. 
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Listing 8-7: Program to Display HTML Form with Information 




'ogram name: di spl ayAddress 

'scription: Script displays a form with address 

information obtained from the database. 



*/ 

echo "<html> 

<head><ti tl e>Customer Address</ti tl e></head> 
<body>" ; 

Slabels = array( "f i rstName"=>" Fi rst Name:", 
" 1 astName"=>" Last Name:", 
"street"=>"Street Address:", 
"city"=>"City : " , 
" state" = >" State : " , 
" zi p"=>"Zi pcode : " ) ; 

$user="admi n" ; 
$host=" 1 ocal host" ; 
$password=" " ; 

$database = "MemberDi rectory " ; 

SloginName = "gsmith"; // user login name 

$connection = mysql_connect ( $host , $user , $password ) 

or die ("couldn't connect to server"); 
$db = mysql_sel ect_db( $database , Sconnecti on ) 

or die ("Couldn't select database"); 
$query = "SELECT * FROM Member 

WHERE 1 ogi nName= ' $1 ogi nName ' " ; 
$result = mysql_query( $query ) 

or die ("Couldn't execute query."); 
$row = mysql_f etch_a rray ( $resul t ) ; 

echo "<p a 1 i gn= ' center ' > 

<hl al i gn= ' center ' >Address for $1 ogi nName</hl>\n" ; 
echo "<br><p al i gn= ' center ' > 

<font si ze= ' +1 ' ><b>Pl ease check the information below 
and change any information that is i ncorrect . </b></f ont> 

<hr>" ; 

echo "<form acti on= ' processAddress . php ' method= ' POST ' > 
<table width='95%' border='0' eel 1 spaci ng= ' 0 ' 
eel 1 paddi ng= ' 2 ' >\n " ; 
foreach($l abel s as $f i el d=>$l abel ) 
I 

echo "<tr> 

<td align='right'> <B>{ $1 abel s[ $f i el d] ) </br></td> 
<td><input type='text' name= ' $f i el d ' 

val ue= ' $row[$f i el d] ' size='65' maxl ength= ' 65 ' > 

</td> 
</tr>" ; 

} 

echo "</table> 

<div al i gn= ' center ' XpXi nput type= ' submi t ' 

val ue= ' Submi t Address') </p></div> 
</form>" ; 

?> 

</body></html> 
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Notice the following in the program in Listing 8-7: 
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I form 




form statement transfers the action to the program 

essAddress . php. This program processes the information in the 
form and updates the database with any information that the user 
changed. This is a program that you write yourself. Checking data in a 
form and saving information in the database are discussed later in this 
chapter in the sections "Checking the information" and "Putting 
Information into a Database". 

Each input field in the form is given a name. The information in the 
input field is stored in a variable that has the same name as the input 
field. 

V The program gives the field names in the form the same names as the 
columns in the database. This simplifies moving information between 
the database and the form, requiring no transfer of information from one 
variable to another 

The values from the database are displayed in the form fields with the 
val ue parameter in the input field statement. The value parameter 
displays the appropriate value from the array $ row, which contains data 
from the database. 



For security reasons, always include maxlength in your HTML statement, 
maxlength defines the number of characters that a user is allowed to type 
into the field. If the information is going to be stored in a database, set 
maxlength to the same number as the width of the column in the database 
table. ■ 



Figure 8-6 shows the Web page resulting from the program in Listing 8-7. The 
information in the form is the information that is stored in the database. 




Building selection lists 

One type of field that you can use in an HTML form is a selection list. Instead 
of typing into a field, your users select from a list. For instance, in a product 
catalog, you might provide a list of categories from which users select what 
they want to view. Or the form for users' addresses might include a list of 
states that users can select. Or users might enter a date by selecting a month, 
day, and year from a list. 

Use selection lists whenever feasible. When the user selects an item from a 
list, you can be sure that the item is accurate, with no misspelling, odd char- 
acters, or other problems introduced by users' typing errors. 

An HTML selection list for the categories in the Pet Catalog is formatted as 
follows: 
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<form action = "processforrri.php" rTiethod="POST"> 
narrie = "petType"> 
on val ue="horse">horse 
on value="cat" sel ected>cat 
on val ue="dragon">dragon 
</select> &nbsp ; &nbsp ; &nbsp ; 

<input type="submit" val ue=" Sel ect Type of Pet"> 
</f orrn> ; 

Figure 8-7 shows the selection list that these HTML statements produce. 
Notice that cat is the choice that is selected when the field is first displayed. 
You determine this default selection by including selected in the option tag. 
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Figure 8-6: 

A form 
showing 
the user's 
address. 



■3 Customer Address - Microsoft Internet Explorer 



J File Edit View Favorites Tools Help 

) ■i'Back => • '3 4i ii^Seaich ^Favoiiles (jHistoiy ! f^j" # Q 



Address {#] hHp://localhost/PHPlMvSaLfoiDuiniiiies/displayAddiess.php 



Address for gsmith 



III 



Please check the infoimadon below and change any uiformation that is incorrect. 



First Name: |Goliath 



Last Name: Smith 



Street Address: 1234 Giant St 



City: I Big City 
State: |aL 



Zipcode: |97850 



Submit Address 



ii Done 



1^ Local intranet 



Figure 8-7: 

A selection 
field for the 
Pet Catalog. 



^Pet Catalog Microsoft Internet Explorer 




-1 


J File Edit View Favorites lools Help 


B 


1 


^ , . '4) 4 1® 

Back try.v'ai :■ Slop Refresh Home Search 


Favorites 




1 Address 1^ hHp7/janetval.san.rr com/PH _3J fi*Go ' Links** 


If? » 






J 


logs ''I 1 Select Type of Pet | 










J 


Done 1 1 40 Internet 







Chapter 8: Data In, Data Out 



I When usii 



When the user clicks the arrow on the select drop-down list box, the whole 
list drops down, as shown in Figure 8-8, and the user can select any item in 
otice that cat is selected until the user selects a different item. 



When using PHP, your options can be variables. This capability allows you to 
build dynamic selection lists. For instance, you must maintain the static list 
of pet categories shown in the preceding example. If you add a new pet cate- 
gory, you must add an option tag manually. However, with PHP variables, you 
can build the list dynamically from the categories in the database. When you 
add a new category to the database, the new category is automatically added 
to your selection list without your having to change your PHP program. 
Listing 8-8 for program buildSelect.php builds a selection list of pet cate- 
gories from the database. 



Figure 8-8: 

A selection 
field for the 
Pet Catalog 
with a drop- 
down list. 
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Listing 8-8: Program to Build a Selection List 

<?php 

/* Program name: buildSelect.php 

* Description: Program builds a selection list 

* from the database. 
*/ 

?> 

<html> 

<head><title>Pet Types</title></head> 

<body> 

<?php 

$user="catal og" ; 

$host="localhost" ; 

$password=" " ; 

Idatabase = "PetCatalog" ; 

Iconnection = mysql_connect($host,$user,$password) 

or die ("couldn't connect to server"); 
$db = mysql_select_db($database,$connection) 



(continued) 
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Listing 8-8 (continued) 

I or die ("Couldn't select database"); 
I J If^ r^OO l^uQ = "SELECT DISTINCT petType FROM Pet ORDER BY petType 

L-^ ' V/ ^ I— / Vy Vy l$>e%^t = niysql_query($query) 

or die ("Couldn't execute query."); 



/* create form containing selection list */ 
echo "<forni action='processform.php' niethod='POST'> 
<select nanie='petType'>\n" ; 



while ($row = mysql_fetch_array($result) ) 
( 

extract($row) ; 

echo "<option value='$petType'>$petType\n" ; 

1 

echo "</sel ect>\n" ; 

echo "<input type='submit' value='Select Type of Pet'> 
</forni>\n" ; 

?> 

</body></htnil> 



\ 



Notice the following in the program in Listing 8-8: 



Using DISTINCT in the query: DI STINCT causes the query to get each 
pet type only once. Without D I STINCT, the query would return each pet 
type several times if it appeared several times in the database. 

Using ORDER BY in the query: The pet types are sorted alphabetically. 

V echo statements before the loop: The form and sel ect tags are echoed 
before the while loop starts because they are echoed only once. 

echo statements in the loop: The opt i on tags are echoed in the loop — 
one for each pet type in the database. No item is marked as selected, so 
the first item in the list is selected automatically. 

echo statements after the loop: The end form and select tags are 
echoed after the loop because they are echoed only once. 

The selection list produced by this program is initially the same as the selec- 
tion list shown in Figure 8-7, with cat selected. However, cat is selected in this 
program because it is the first item in the list — not because it's specifically 
selected as it is in the HTML tags that produce Figure 8-7. The drop-down list 
produced by this program is in alphabetical order, as shown in Figure 8-9. 

You can also use PHP variables to set up which option is selected when the 
selection box is displayed. For instance, suppose that you want the user to 
select a date from month, day, and year selection lists. You believe that 
most people will select today's date, so you want today's date to be selected 
by default when the box is displayed. Listing 8-9 shows the program 
dateSelect.php, which displays a form for selecting a date and selects 
today's date automatically. 
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Listing 8-9: Program to Build a Date Selection List 

<?php 

/* Program name: dateSel ect . php 

* Description: Program displays a selection list that 

* customers can use to select a date. 
*/ 

echo "<html> 

<head><title>Select a date</title></head> 
<body>" ; 

/* create an array of months*/ 

SmonthName = array(l=> "January", "February", "March", 

"April", "May", "June", "July", 
"August", "September", "October", 
"November", "December"); 



$today = time( ) ; 

$f_today = date("M-d-Y" ,$today) ; 
echo "<div al i gn= ' center ' >\n" ; 



//stores today's date 
//formats today's date 



/* display today's date */ 

echo " <p>&nbsp ; <h3>Today is $f_today</h3><hr>\n" ; 

/* create form containing date selection list */ 

echo "<form acti on= ' processf orm . php ' method=' POST' >\n" ; 

/* build selection list for the month */ 

StodayMO = date( "m" , $today ) ; //get the month from $today 

echo "<select name='dateMO' >\n" ; 

for ($n=l;$n<=12;$n++) 

I 

echo "<option value=$n\n"; 

if (StodayMO == $n) 

{ 

(continued) 
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Listing 8-9 (continued) 
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echo " selected"; 
'ho "> $rTionthNarTie[$n]\n' 



echo "</select>" 



/* build selection list for the day */ 

$todayDay= date( "d" , $today ) ; //get the day from $today 
echo "<select narrie= ' dateDay ' >\n " ; 
for ($n=l;$n<=31;$n++) 
{ 

echo " <option value=$n"; 
if (StodayDay == $n ) 



echo " selected"; 

1 

echo "> $n\n"; 

) 

echo "</select>\n" ; 



/* build selection list for the year */ 

$startYr = date("Y", $today); //get the year from $today 

echo "<select name='dateYr' >\n" ; 

for ( $n=$startYr ; $n<=$startYr+3 ; $n++) 

I 

echo " <option value=$n"; 
if ($startYr == $n ) 
{ 

echo " selected"; 

1 

echo "> $n\n"; 

) 

echo "</select>\n" ; 
echo "</form>\n"; 

?> 

</body></html> 



The Web page produced by the program in Listing 8-9 is shown in Figure 8-10. 
The date appears above the form so that you can see that the select list 
shows the correct date. The selection list for the month shows all 12 months 
when it drops down. The selection list for the day shows 31 days when it 
drops down. The selection list for year shows four years. 

The program in Listing 8-9 produces the Web page in Figure 8-10 by following 
these steps: 

1. Creates an array containing the names of the months. The keys for the 
array are the numbers. The first month, January, starts with the key 1 so 
that the keys of the array match the numbers of the months. 
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2. Creates variables containing the current date. $ tod ay contains the 
date in a system format and is used in the form. Sf todayisa formatted 
date that is used to display the date in the Web page. 

3. Displays the current date at the top of the Web page. 

4. Builds the selection field for the month. 

i. Creates a variable containing today's month. 

ii. Echoes the select tag, which should be echoed only once. 

iii. Starts a for loop that repeats 12 times. 

iv. Inside the loop, echoes the option tag by using the first value from 
the SmonthName array. 

V. If the number of the month being processed is equal to the number 
of the current month, adds the word " sel ected" to the opti on tag. 

vi. Repeats the loop 1 1 more times. 

vii. Echoes the closing sel ect tag for the selection field, which should 
be echoed only once. 

5. Builds the selection field for the day. Uses the procedure described in 
Step 4 for the month. However, only numbers are used for this selection 
list. The loop repeats 31 times. 

6. Builds the selection field for the year. 

i. Creates the variable $startYr, containing today's year. 

ii. Echoes the select tag, which should be echoed only once. 

iii. Starts a for loop. The starting value for the loop is SstartYr. The 
ending value for the loop is $startYr+3. 
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iv. Inside the loop, echoes the opti on tag, using the starting value of 
the for loop, which is today's year. 



If the number of the year being processed is equal to the number 
of the current month, adds the word "selected" to the option tag. 

vi. Repeats the loop until the ending value equals $sta rtYr+3. 

vii. Echoes the closing sel ect tag for the selection field, which should 
be echoed only once. 



7. Echoes the ending tag for the form. 



Building (ists of radio buttons 

You might want to use radio buttons instead of selection lists. For instance, 
you can display a list of radio buttons for your Pet Catalog and have users 
select the button for the pet category that they're interested in. 



The format for radio buttons in forms is 



<input type="radio" narTie = "pets" val ue="Uni corn"> 



You can build a dynamic list of radio buttons representing all the pet types in 
your database in the same manner that you build a dynamic selection list in 
the preceding section. Listing 8-10 shows the program bui 1 dRadi o . php, 
which creates a list of radio buttons based on pet types. 

■ 

Listing 8-10: Program to Build a List of Radio Buttons 



<?php 

/* Program name: bui 1 dRadi o . php 

* Description: Program displays a list of radio 

* buttons from database info. 
*/ 

echo "<html> 

<head><title>Pet Types</ti tl e></head> 
<body>" : 
$user="catal og" ; 
$host=" 1 ocal host" ; 
$password=" " ; 
$database = " PetCatal og" ; 



Sconnection = mysql_connect ( $host , $user , $password ) 
or die ("couldn't connect to server"); 

$db = mysql_sel ect_db( Sdatabase , $connecti on ) 
or die ("Couldn't select database"); 

$query = "SELECT DISTINCT petType FROM Pet 
ORDER BY petType" ; 

$result = mysql_query( $query ) 

or die ("Couldn't execute query."); 
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echo "<div styl e= ' margi n-1 eft : .5in'> 
<D>8inbsp ; 

b>Which type of pet are you interested in?</b> 
lease choose one type of pet from the following 
1 i st : \ n" ; 

/* create form containing radio buttons */ 

echo "<form acti on= ' processf orm . php ' method=' POST' >\n" ; 

while ($row = mysql_f etch_a rray ( $resul t ) ) 
{ 

extract($row) ; 

echo "<input type=' radio' name= ' i nterest ' 

val ue= ' $petType ' >$petType\n" ; 
echo "<br>\n"; 

) 

echo "<p><input type= ' submi t ' val ue= ' Sel ect Type of Pet'> 
</f orm>\n" ; 

?> 

</div></body></html> 

This program is very similar to ttie program in Listing 8-9. Ttie Web page pro- 
duced by this program is shown in Figure 8-11. 
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Figure 8-11: 
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Building lists of check boxes 

You might want to use check boxes in your form. Check boxes are different 
from selection lists and radio buttons because they allow users to select 
more than one option. For instance, if you display a list of pet categories by 
using check boxes, a user can check two or three or more pet categories. The 
program bui 1 dCheckbox .php in Listing 8-11 creates a list of check boxes. 
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Listing 8-1 1 : Program to Build a List of Check Boxes 



'ogram name: bui 1 dCheckbox . php 
'scription: Program displays a list of 

checkboxes from database info. 
*/ 

echo "<html> 

<head><title>Pet Types</ti tl e></head> 

<body>" ; 
$user="catal og" ; 
$host=" 1 ocal host" ; 
$password=" " ; 
$database = " PetCatal og" ; 

Sconnection = mysql_connect ( $host , $user , $password ) 
or die ("couldn't connect to server"); 

$db = mysql_sel ect_db( Sdatabase , Sconnecti on ) 
or die ("Couldn't select database"); 

$query = "SELECT DISTINCT petType FROM Pet 
ORDER BY petType" ; 

$result = mysql_query( $query ) 

or die ("Couldn't execute query."); 

echo "<div styl e= ' margi n-1 eft : .5in'> 
<p>&nbsp ; 

<p><b>Which type of pet are you interested in?</b> 
<p>Choose as many types of pets as you want:\n"; 




/* create form containing checkboxes */ 

echo "<form acti on= ' processf orm . php ' method=' POST' >\n" ; 

while ($row = mysql_f etch_a rray ( $resul t ) ) 
I 

extract($row) ; 

echo "<input type= ' checkbox ' name= ' i nterestC $petType] ' 

val ue= ' $ petType ' >$petType\n" ; 
echo "<br>\n"; 

) 

echo "<p><input type= ' submi t ' val ue= ' Sel ect Type of Pet'> 
</f orm>\n" ; 

?> 

</di v></body></html> 

This program is very similar to the program in Listing 8-10 that builds a list of 
radio buttons. However, notice that the input field uses an array $i nterest 
as the name for the field. This is because more than one check box can be 
selected. This program will create an element in the array with a key/value 
pair for each check box that's selected. For instance, if the user selects both 
horse and dragon, the following array is created: 
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$interest[horse]=horse 
interest[dragon]=dragon 



ram that processes the form has the selections available in the POST 
array, as follows: 

$_POST[ ' interest '][' horse' ] 
$_POST[ 'interest']['dragon'] 

Figure 8-12 shows the Web page produced by bui 1 dCheckbox . php. 
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Usin0 the infamatian from the farm 

As I discuss earlier in this section, Joe Customer fills in an HTML form, selecting 
from lists and typing information into text fields. He clicks the submit button. 

In the form tag, you tell PHP which program to run when the submit 
button is clicked. You do this by including acti on="prograrrinarrie" in the 
form tag. For instance, in most of the example listings in this chapter, 1 use 
acti on = "processform. php". When the user clicks the submit button, 
the program runs and receives the information from the form. Handling form 
information is one of PHP's best features. You don't need to worry about the 
form data — just get it from one of the built-in arrays and use it. 

The form data is available in the processing program in arrays, as shown in 
Table 8-1. The key for the array element is the name of the input field in the 
form. For instance, if you echo the following field in your form 

echo "<input type='text' name= ' f i rstName ' >" ; 
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the processing program can use the variable $_POST[f i rstName], which 
contains the text that the user typed into the field. The information that the 
cts from selection drop-down lists or radio buttons is similarly avail- 
se. For instance, if your form includes the following list of radio 

buttons' 



echo "<input type= ' radi o ' narrie= ' i interest ' val ue= ' dog ' >dog\n" ; 
echo "<input type='radio' narrie= ' i interest ' val ue= ' cat ' >cat\n" ; 

you can access the variable $_POST[i interest], which contains either dog or 
cat, depending on what the user selected. 

You handle check boxes in a slightly different way because the user can select 
more than one check box. As shown in Listing 8-11, the data from a list of 
check boxes can be stored in an array so that all the check boxes are avail- 
able. For instance, if your form includes the following list of check boxes 



echo "<input type= ' checkbox ' narne= ' i nterest[dog] ' 

val ue= ' dog ' >dog\n" ; 
echo "<input type= ' checkbox ' narTie= ' i nterest[cat] ' 

val ue=' cat' >cat\n" ; 



you can access the data by using the multidimensional variable 
$_POST[i interest], which contains the following: 



$_POST[i interest] [dog] = dog 
$^POST[interest][cat] = cat 



In some cases, you might want to access all the fields in the form. Perhaps you 
want to check them all to make sure that the user didn't leave any fields blank. 
As shown in program processform.php, earlier in this chapter (see Listing 
8-5), you can use f oreach to walk through the $_POST or $_GET built-in array. 
Most of the sample programs and statements in this book use the post 
method. The keys are the field names. See the sidebar "Post versus get" for 
more on the two methods. 



For instance, suppose your program includes the following statements to dis- 
play a form: 

echo "<forrri acti on= ' processf orm . php ' rnethod= ' POST ' >\n " ; 
echo "<input type='text' narrie= ' 1 name ' val ue= ' Smi th ' ><br>\n " ; 
echo "<input type='radio' narrie= ' i interest ' val ue= ' dog ' >dog\n" ; 
echo "<input type='radio' narrie= ' i interest ' val ue=' cat' >cat\n" ; 
echo "<input type= ' hi dden ' narTie= ' hi dvar ' val ue= ' 3 ' >\n " ; 
echo "<br><input type= ' submi t ' val ue= ' Sel ect Type of Pet'> 
</f orrri>\n " ; 



The program processf orm . php contains the following statements that will 
list all the variables received from the form: 
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foreach ($_POST as $field => $value) 



"$field, $value<br>"; 



The output from the foreach loop would be 

Iname, Smith 
interest, dog 
hidvar, 3 

The output shows three variables with these three values for the following 
reasons: 

The user didn't change the text in the text field. The value "Smith" 
that the program displayed is still the text in the text field. 

]/' The user selected the radio button for dog. The user can select only 
one radio button. 

The program passed a hidden field named hi dvar. The program sets 
the value for hidden fields. The user can't affect the hidden fields. 



Post versus get 

You use one of two methods to submit form 
information. The methods pass the form data 
differently and have different advantages and 
disadvantages. 

1^ get method: The form data is passed 
by adding it to the URL that calls the form- 
processing program. For instance, the URL 
might look like this: 

processform.php?lname=Smith& 
f name=Gol i ath 

The advantages of this method are simplicity 
and speed. The disadvantages are that less 
data can be passed and that the information 
is displayed in the browser, which can be a 
security problem in some situations. 

post method: The form data is passed as a 
package in a separate communication with 
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the processing program. The advantages of 
this method are unlimited information pass- 
ing and security of the data. The disadvan- 
tages are the additional overhead and 
slower speed. 

For CGI programs that are not PHP, the program 
that processes the form must find the informa- 
tion and put the data into variables. In this case, 
the get method is much simpler and easier to 
use. Many programmers use the get method 
forthis reason. However, PHP does all this work 
for you. The get and post methods are equally 
easy to use in PHP programs. Therefore, when 
using PHP it's almost always better to use the 
post method because you have the advan- 
tages of the post method (unlimited data pass- 
ing, better security) without its main disadvan- 
tage (more difficult to use). 
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mer fills in an HTML form, selecting from lists and typing informa- 
text fields. He clicks the submit button. You now have all the infor- 
mation that you wanted. Well, maybe. Joe might have typed information that 
has a typo in it. Or he might have typed nonsense. Or he might even have 
typed in malicious information that can cause problems for you or for other 
people using your Web site. Before you use Joe's information or store it in 
your database, you want to check it to see that it is the information that you 
asked for. Checking the data is validating the data. 



Validating the data includes the following: 



Checking for empty fields: You can require users to enter information in 
a field. If the field is blank, the user is told that the information is 
required, and the form is displayed again so the user can type the miss- 
ing information. 

1^ Cliecking the format of the information: You can check the information 
to see that it is in the correct format. For instance, ab3& *xx is clearly 
not a valid ZIP code. 



Checking for emptif fields 

When you create a form, you can decide which fields are required and which 
are optional. Your decision is implemented in the PHP program. You check 
the fields that are required for information. If a required field is blank, you 
send a message to the user, indicating the field is required, and you then 
redisplay the form. 



The general format to check for empty fields is 



if ( $1 ast name == " " ) 




1 

echo "You did not 


enter your last name. 


Last name is 


requi red . <br>\n" ; 


display the form; 




exi t ( ) ; 




1 

echo " Welcome to the 


Members Only club. 


You may select 


from the menu bel ow . <br>\n" ; 


display the menu; 





Notice the exit statement, exit statements end the program. Without the 
exit statement, the program would continue to the statements after the i f 
statement. In other words, without the exi t statement, the program would 
display the form and then continue to echo the welcome statement and the 
menu as well. 
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In many cases, you want to check all the fields in the form. You can do this by 
looping through the array $ _POST. The following statements check the array 
;mpty fields: 




h ($_POST as $value) 
{ 

if ( $value == "" ) 
{ 

echo "You have not filled in all the fields<br>\n" ; 
display the form; 
exi t( ) ; 

) 

) 

echo "Welcome"; 

When you redisplay the Web form, make sure that it contains the information 
that the user already typed. If users have to retype information, they are 
likely to get frustrated and leave your Web site. 

In some cases, you might require the user to fill in most of the fields but not 
all of them. For instance, you might request a fax number in the form or pro- 
vide a field for a middle name, but you don't really mean to restrict registra- 
tion on your Web site to only users with middle names and fcixes. In this case, 
you can just make an exception for the fields that are not required, as follows: 

foreach ($_POST as $field => $value) 
{ 

if ( $field != "fax" and $field != "mi ddl e_name" ) 
{ 

if ( $ value == "" ) 
{ 

echo "You have not filled in all the f iel ds<br>\n" : 
display the form; 
exi to ; 



echo "Welcome"; 



Notice that the outside i f conditional statement is true only if the field is not 
the fax field and is not the middle name field. For those two fields, the pro- 
gram does not reach the inside i f statement, which checks for blank fields. 

In some cases, you might want to tell the user exactly which fields need to be 
filled in. The checkBl ank . php program in Listing 8-12 processes a form with 
four fields: f i rst_name, mi ddl e_name, 1 ast_name, and phone. All the fields 
are required except mi ddl e_name. In the example shown in Figure 8-13, the 
user didn't enter a first name: The resulting error message when the form is 
processed tells the user which field was left blank. 
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Listing 8-1 2: Program That Checks for Blank Fields 



dBooRI 

-1- 



rogram name: 
fscri pti on : 



checkBl ank . php 
Program checks 
blank fields. 



all the form fields for 



*/ 
?> 

<html> 

<head><title>Empty f i el ds</ti tl e></head> 

<body> 

<?php 

/* set up array of field labels */ 
$label_array = array ( "first_name" => 

"middle_name" => 
" 1 ast_name" 
"phone" => 



Fi rst Name" , 
"Middle Name", 
=> "Last Name", 
Phone" ) ; 



/* check each field except middle name for blank fields */ 

foreach ($_POST as $field => $value) 

{ 

if ($field != "mi ddl e_name" ) 
{ 

if ( $value == "" ) 

{ 

$bl ank_array[$f ield] = "blank"; 



if 

{ 



// end of foreach loop for $_POST 

if any fields were blank, display error message and 

form */ 

(@si zeof ( $bl ank_array ) > 0) //if blank fields are found 



echo "<b>You didn't fill in one or more required fields. 

You must enter : </b><br>" ; 
/* display list of missing information */ 
foreach ( $bl ank_a rray as $field => $value) 
{ 

echo "   {$label_array[$field])<br>"; 
) //end of foreach loop for blanks 
/* redisplay form */ 

$f i rst_name=trim( stri p_tags ( $_POST[ ' f i rst_.name ' ] ) ) ; 
$mi ddl e_name=tri m( stri p_tags ( $_POST[ ' mi ddl e_name ' ] ) ) ; 
$1 ast_name=trim( stri p_tags ( $_POST[ ' 1 ast_name ' ] ) ) ; 
$phone=trim( stri p_tags ( $_POST[ 'phone '])) ; 
echo "<p><hr> 

<form acti on= ' checkBl ank . php ' method= ' POST ' > 

<center> 

<table width='95%' border='0' eel 1 spaci ng= ' 0 ' 

eel 1 paddi ng= ' 2 ' > 
<tr><td align='right'><b>{$label_array['fi rst_name ' ] ) : 
</br></td> 

<td><input type='text' name= ' f i rst_name ' size='65' 
maxl ength= ' 65 ' 

val ue= ' { $f i rst_name ) ' ></td> 
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</tr> 

<tr><td align='right'><b>{$label_array['rni ddl e_narne ' ] ) : 
</br></td> 

<td><input type='text' narrie= ' mi ddl e_name ' size='65' 
maxl ength= ' 65 ' val ue= ' $mi ddl ejame ' > </td> 
</tr> 

<tr><td align='right'><b>{$label_array['l astjame ' ] ) : 
</b></td> 

<td> <input type='text' name= ' 1 ast_narne ' size='65' 
maxl ength= ' 65 ' va 1 ue= ' $1 ast_name ' > </td> 

</tr> 

<tr><td align='right'><b>{$label_array['phone']): 
</b></td> 

<td> <input type='text' name='phone' size='65' 

maxl ength= ' 65 ' val ue= ' $phone ' > </td> 

</tr> 
</table> 

<p><input type= ' submi t ' 

val ue= ' Submi t name and phone number') 

</f orm> 

</center>" ; p 
exi t ( ) ; 



echo "Wei come" ; 

?> 

</body></html> 
To check for blanks, the program does the following: 



1. Sets up an array of field labels. These labels are used as labels in the 
form and are also used to display the list of missing information. 

2. Loops through all the variables passed from the form, checking for 
blanks. The variables are in the array $ _POST. Any blank fields that are 
found are added to an array of blank fields $ b 1 a n k_a r r a y . 

3. Checks whether any blank fields were found. Checks the number of 

items in $bl ank_array. 

4. If zero blank fields were found, jumps to welcome message. 

5. If one or more blank fields were found: 

i. Displays an error message. This message explains to the user that 
some required information is missing. 

ii. Displays a list of missing information. Loops through 
$bl ank_array and displays the label(s). 

iii. Displays the form. Because the form includes variable names in the 
value attribute, the information that the user previously entered is 
retrieved from $_POST and displayed. 

iv. Exits. Stops after the form displays. The user must click the submit 
button to continue. 
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^ViB! Remember, programs that process forms use the information from the form. 

If you run them by themselves, they don't have any information passed from 
4JilfiejB[iand will not run correctly. These programs are intended to run when 
JfifNg^^presses the submit button for a form. 

Don't forget the exit statement. Without the exit statement, the program 
would continue and would display the welcome message after displaying the 
form. 

Figure 8-13 shows the Web page that results if the user didn't enter his or 
her first or middle name. Notice that the list of missing information doesn't 
include Middle Name because Middle Name is not required. Also, notice that 
the information the user originally typed into the form is still displayed in the 
form fields. 

Checking the format of the information 

Whenever users must type information in a form, you can expect a certain 
number of typos. You can detect some of these errors when the form is submit- 
ted, point out the error(s) to the user, and then request that he or she retype 
the information. For instance, if the user types 8899776 in the ZIP code field, 
you know this is not correct. This information is too long to be a ZIP code and 
too short to be a ZIP+4 code. 
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^ViG! You also need to protect yourself from malicious users — users who might 

want to damage your Web site or your database or steal information from you 
/^rl^i^vsers. You don't want users to enter HTML tags into a form field — 
l^jpfrw^t^^g that might have unexpected results when sent to a browser. A par- 
ticularly dangerous tag would be a script tag that allows a user to enter a 
program into a form field. 

If you check each field for its expected format, you can catch typo s and pre- 
vent most malicious content. However, checking information is a balancing 
act. You want to catch as much incorrect data as possible, but you don't want 
to block any legitimate information. For instance, when you check a phone 
number, you might limit it to numbers. The problem with this check is that 
it would screen out legitimate phone numbers in the form 555-5555 or (888) 
555-5555. So you also need to allow hyphens (-), parentheses (), and spaces. 
You might limit the field to a length of 14 characters, including parentheses, 
spaces, and hyphens, but this screens out overseas numbers or numbers that 
include an extension. The bottom line: You need to think carefully about what 
information you want to accept or screen out for any field. 

You can check field information by using regular expressions, which are pat- 
terns. You compare the information in the field against the pattern to see 
whether it matches. If it doesn't match, the information in the field is incorrect, 
and the user must type it over. (See Chapter 6 for more on regular expressions.) 



In general, these are the statements that you use to check fields: 



if ( \eregi" pattern" ,$varh 
1 


ablename) ) 




echo error message; 






redisplay form; 






exi t ( ) ; 




echo "Welcome"; 



Notice that the condition in the i f statement is negative. That is, the ! (excla- 
mation mark) means "not". So, the i f statement actually says: If the variable 
does not match the pattern, execute the i f block. 



For example, suppose that you want to check an input field that contains the 
user's last name. You can expect names to contain letters, not numbers, and 
possibly apostrophe and hyphen characters (as in O'Hara and Smith-Jones, 
respectively) and also spaces (as in Van Dyke'). Also, it's difficult to imagine a 
name longer than 50 characters. Thus, you can use the following statements 
to check a name. 
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if ( !ereg("[A-Za-z' - ] { 1 , 50 ) " , $1 astjame ) 



pBookg 

I exi 



ho error message; 
isplay form; 
tO; 



echo "Welcome" 




If you want to list a hyphen ( ) as part of a set of allowable characters sur- 
rounded by square brackets ( [ ] ), you must list the hyphen at the beginning 
or at the end of the list. Otherwise, if you put it between two characters, the 
program will interpret it as the range between the two characters, such as A-Z. 



In the preceding section, you find out how to check every form field to ensure 
that it isn't blank. In addition to that, you will probably also want to check all 
the fields that have data to be sure the data is in an acceptable format. You 
can check the format by making a few simple changes to the program in 
Listing 8-12. Listing 8-13 shows the modified program, called checkAl 1 . php. 



Listing 8-1 3: Program That Checks All the Data in Form Fields 

<?php 

/* Program name: checkAll.php 

* Description: Program checks all the form fields for 

* blank fields and incorrect format. 
*/ 

?> 

<html> 

<head><title>Emp.ty fields</title></head> 

<body> 

<?php 

/* set up array of field labels */ 

$label_array = array ( "first_name" => "First Name", 

"middle_name" => "Middle Name", 

"last_name" => "Last Name", 

"phone" => "Phone"); 
foreach ($_POST as $field => lvalue) 
I 

/* check each field except middle name for blank fields */ 

if ( lvalue == "" ) 

I 

if (Ifield != "middle_name") 
I 

$blank_array[$field] = "blank"; 

] 

1 

elseif (Ifield == "first_name" or Ifield == "middl e_name" 
or Ifield == "last_name" ) 

I 

if (!ereg("''[A-Za-z' -] 1 1 ,50)$" ,$_POST[$f i eld] ) ) 
I 
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$bad_forniat[$field] = "bad"; 



DropBooks 



iif (Ifield == "phone") 



if(!ereg("'^[0-9)( -] 17,20) (([xX] | (ext) | (ex) )?[ -]?[0-9] {1 ,7) )?$" ,$val ue) ) 
I 

$bad_for[iiat[$field] = "bad"; 



} 

) 

/* if any fields were not okay, display error message and form *7 

if (@sizeof($blank_array) > 0 or @sizeof($bad_format) > 0) 

( 

if (@sizeof($blank_array) > 0) 
I 

/* display message for missing information */ 

echo "<b>You didn't fill in one or more required fields. You must 

enter:</b><br>" ; 
/* display list of missing information *7 
foreach($blank_array as Ifield => lvalue) 
( 

echo "    I $1 abel_array[$f i eld] )<br>" ; 



if ((asizeof($bad_format) > 0) 
I 

/* display message for bad information */ 

echo "<b>One or more fields have information that appears to be 

incorrect. Correct the format for:</b><br>" ; 
7* display list of bad information */ 
foreach($bad_format as Ifield => lvalue) 
I 

echo "    ($1 abel_array[$f i eld] )<br>" ; 



/* redisplay form */ 

$first_name = $_POST[ ' f i rst_name' ] ; 

$middle_name = $_POST[ 'middl e_name' ] ; 

$last_name = $_POST[ ' 1 ast_name' ] ; 

$phone = $_POST['phone']; 

echo "<p><hr> 

<form action='checkAll .php' method='POST'> 

<center> 

<table width='95Z' border='0' cellspacing='0' cellpadding='2'> 
<tr><td align=' right '><B>|$label_array['first_name']l:<7br></td> 
<td><input type='text' name='first_name' size='65' maxlength='65' 
value='$first_name' > </td> 

<7tr> 

<tr><td align='right'><B>|$label_array['middle_name'] I :</br><7td> 
<td><input type='text' name='middle_name' size='65' maxlength='65' 
value='$middle_name' > <7td> 



(continued) 
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Listing 8-13 (continued) 
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l_array[ ' 1 ast_nanie ' ] ) 
'last_nanie' size='65' 
■> </td> 



</B></td> 
maxl ength= 



tr> 

rXtd align='right'><B>|$labe 
'<td> <input type='text' nanie= 
value='$last_nanie 

</tr> 

<tr><td al i gn=' ri ght ' ><B>| $1 abel_array[ ' phone' ] 
<td> <input type='text' name='phone' size='65 
value='$phone'> </td> 

</tr> 
</table> 

<p><input type=' submit' value='Submit name and phone number') 
</form> 
</center>" ; 
exi t( ) ; 



65' 



:</B></td> 
maxlength='65' 



echo "Welcome"; 

</body></html> ■ 

Here are the differences between this program and the program in Listing 8-12: 

1^ This program creates two arrays for problem data. It creates 
$bl an k_a r ray, as did the previous program. But this program also 
creates $bad_f ormat for fields that contain information that is not in 
an acceptable format. 

1^ This program loops through Shad format to create a separate list of 
problem data. If any fields are blank, it creates one error message and 
list of problem fields, as did the previous program. If any fields are in an 
unacceptable format, this program also creates a second error message 
and list of problem fields. 



The Web page in Figure 8-14 results when the user accidentally types his or 
her first name into the Middle Name field and also types nonsense for his or 
her phone number. Notice that two error messages appear, showing that 
the First Name field is blank and that the Phone field contains incorrect 
information. 



Gi(/in^ users a choice vOlth 
muitipie submit buttons 

You can use more than one submit button in a form. For instance, in a cus- 
tomer order form, you might use a button that reads Submit Order and another 
button that reads Cancel Order However, you can only list one program in the 
action = prograrrinarnepartofyourforrn tag, meaning that the two buttons 
run the same program. PHP solves this problem. By using PHP, you can 
process the form differently, depending on which button the user clicks. 
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You didn't fill in one or more required fields. You must enter: 

First Name 



One or more fields have information that ^ears to be incorrect. Correct the format for: 

Phone 



First Name: \ 



Middle Name: Goliach 



Last Name: Smith 



Phone: Ixxx-xxxx 



Submit naine and phone number 



The following statements create a form witfi two submit buttons: 

<forrn acti on = "twoButtons . php" rnethod="POST"> 

<input type="text" nanie=" 1 astjame" niaxlength="50"><br> 
<input type="subnii t" narrie="di spl ay_button" 

value="Show Address") 
<input type="subrrii t" narrie="di spl ay_button" 

value="Show Phone Number") 

</f orm> 

Notice that the submit button fields have a name: di spl ay_button. The 
fields each have a different value. Whichever button the user clicks sets the 
value for $di spl ay_button. The program twoButtons .php in Listing 8-14 
processes the preceding form. 



Listing 8-14: Program That Processes Two Submit Buttons 



<?php 




/* Program name: 


twoButtons . php 


* Description: 


Program displays different information 


* 


depending on which submit button was 


* 


pushed . 


(continaed) 
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Listing 8-14 (continued) 
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or Phone NurTiber</ti tl e></ head> 



<head><ti tl e>MerTiber Address 
<body> 
<?php 

$user="admi n" ; 
$host=" 1 ocal host" ; 
$password=" " ; 

$database = "MemberDi rectory " ; 

$connection = mysql_connect ( $host , $user , Spassword ) 
or die ("couldn't connect to server"); 

$db = rriysql_sel ect_db( $database , Sconnecti on ) 
or die ("Couldn't select database"); 



if ($_POST['display_button' ] 



'Show Address" ) 



$query = "SELECT street , ci ty , state , zi p FROM Member 

WHERE 1 astNarne=' $_P0ST[1 ast_name] ' " ; 
$result = mysql_query ( $query ) 

or die ("Couldn't execute query."); 
$row = rTiysql_f etch_array ( $resul t ) ; 
extract($row) ; 

echo " $street<br>$ci ty , $state $zip<br>"; 



el se 



$query = "SELECT phone FROM Member 

WHERE lastName=' $_POST[last_name] 
$result = mysql_query ( $query ) 

or die ("Couldn't execute query."); 
$row = mysql_f etch_array ( $resul t ) ; 
echo "Phone: { $row[ ' phone '] )<br>" ; 

1 

?> 

</body></html> 



The program executes different statements, depending on wfiicfi button is 
clicked. If tfie user cliclcs tfie button for the address, the program outputs the 
address for the name submitted in the form; if the user clicks the Show Phone 
Number button, the program outputs the phone number. 



Putting hfomation into a database 

Your application probably needs to store data in your database. For example, 
your database might store information that a user typed into a form for your 
use — a Member Directory is a good example of this. Or your database might 
store data temporarily during the application. Either way, you store data by 
sending SQL queries to MySQL. (1 explain SQL queries in detail in Chapter 4.) 



Chapter 8: Data In, Data Out 



'pBocte. 



Preparing the data 



to prepare the data before storing it in the database. Preparing the 
'udes the following: 

1^ Putting the data into variables 

1^ Making sure that the data is in the format expected by the database 
Cleaning the data . 

Putting the data into Uariabtes 

You store the data by sending it to the database in an SQL query You store 
the data in variables and include the variable names in the query. By using 
PHP, this process is simple. The user provides most of the data that you want 
to store via a form. As I discuss earlier in this chapter, PHP stores the data in 
a variable with the name of the form field, invisibly and automatically, with- 
out your having to store it yourself. You just use the variables that PHP pro- 
vides. Occasionally, you want to store information that you generate yourself, 
such as today's date or a customer order number. You just need to store this 
information in a variable so that you can include it in a query. 



Usin^ the correct format 

When you design your database, you set the data type for each column. The 
data that you want to store must match the data type of the column that you 
want to store it in. For instance, if the column expects a data type integer, the 
data sent must be numbers. Or if the column expects data that's a date, the 
data that you send must be in a format that MySQL recognizes as a date. If you 
send incorrectly formatted data, MySQL still stores the data, but it might not 
store the value that you expected. Here's a rundown of how MySQL stores 
data for the most frequently used data types: 

l|jl CHAR or VARCHAR: Stores strings. MySQL stores pretty much any data sent 
to a character column, including numbers or dates, as strings. When you 
created the column, you specified a length. For example, if you specified 
CHAR( 20 ), only 20 characters can be stored. If you send a string longer 
than 20 characters, only the first 20 characters are stored. The remaining 
characters are dropped. 

Set the maxlengthfor any text input fields in a form to the same length as 
the column width in the database where the data will be stored. That way, 
the user can't enter any more characters than the database can store. 

INT or DECIMAL: Stores numbers. MySQL will try to interpret any data 
sent to a number column as a number, whether it makes sense or not. For 
instance, it might interpret a date as a number, and you could end up with 
a number like 2001.00. If MySQL is completely unable to interpret the data 
sent as a number, it stores 0 (zero) in the column. 
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i/* DATE: Stores dates. MySQL expects dates as numbers, with the year first, 
month second, and day last. The year can be two or four digits (2001 or 
The date can be a string of numbers, or each part can be separated 
hyphen (-), a period (.), or a forward slash (/). Some valid date for- 
mats are 20011203, 980103, 2001-3-2, and 2000.10.01. If MySQL cannot 
interpret the data sent as a date, it stores the date as 0000-00-00. 

*^ ENUM: Stores only the values that you allowed when you created the 
column. If you send data that is not allowed, MySQL stores a 0. 

In many cases, the data is collected in a form and stored in the database as-is. 
For instance, users type their names in a form, and the program stores them. 
However, in some cases, the data needs to be changed before you store it. For 
instance, if a user enters a date into a form in three separate selection lists for 
month, day, and year (as 1 describe in the section, "Building selection lists," 
earlier in this chapter), the values in the three fields must be put together into 
one variable. The following statements put the fields together: 



$expDate = $_POST[ ' expYear ']."-" ; 
$expDate .= $_POST[ ' expMonth ']."-" ; 
SexpDate .= $_POST[ ' expDay ' ] ; 



Another case in which you might want to change the data before storing it is 
when you're storing phone numbers. Users enter phone numbers in a variety 
of formats, using parentheses, dashes, dots, or spaces. Rather than storing 
these varied formats in your database, you might just store the numbers. 
Then when you retrieve a phone number from the database, you can format 
the number however you want before you display it. The following statement 
removes characters from the string: 

$phone = ereg_repl ace( " [ )(.-]","", $_POST[ ' phone ']) ; 

The function ereg_repl ace uses regular expressions to search for a pattern. 
The first string passed is the regular expression to match. If any part of the 
string matches the pattern, it is replaced by the second string. In this case, 
the regular expression is [ ) ( . - ] , which means any one of the characters in 
the square brackets. The second string is " " , which is a string with nothing in 
it. Therefore, any spaces, parentheses, dots, or hyphens in the string are 
replaced by nothing. 



Cleaning the data 

The earlier section "Getting Information from the User," which describes the 
use of HTML forms, discusses checking the data in forms. Users can type 
data into a text field, either accidentally or maliciously, that can cause prob- 
lems for your application, your database, or your users. Checking the data 
and accepting only the characters expected for the information requested 
can prevent many problems. However, you can miss something. Also, in some 
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cases, the information that the user enters needs to allow pretty much any- 
thing. For instance, you normally wouldn't allow the characters < and > in a 
ever, there might be a situation in which the user needs to enter 
racters — perhaps the user needs to enter a technical formula or 
specification that requires them. 



PHP provides two functions that can clean the data, thus rendering it harmless: 

stri p_tags: This function removes all text enclosed by < and > from 
the data. It looks for an opening < and removes it and everything else, 
until it finds a closing > or reaches the end of the string. You can include 
specific tags that you want to allow. For instance, the following state- 
ment removes all tags from a character string except <b> and <i >: 

$last_narne = strip_tags($l ast_narne, "<b><i>" ) ; 

html speci al chars: This function changes some special characters 
with meaning to HTML into an HTML format that allows them to be dis- 
played without any special meaning. The changes are 

• < becomes &1 1 ; 

• > becomes &gt ; 

• & becomes Samp ; 

In this way, the characters < and > can be displayed on a Web page with- 
out being interpreted by HTML as tags. The following statement changes 
these special characters: 

$last_narTie = html speci al cha rs ( $1 ast_nanie ) ; 

If you're positive that you don't want to allow your users to type any < or > 
characters into a form field, use stri p_tags. However, if you want to allow < 
or > characters, you can safely store them after they have been processed by 

html special chars. 

Another function that you should use before storing data in your database is 
trim. Users often type spaces at the beginning or end of a text field without 
meaning to. Trim removes any leading or trailing spaces so they don't get 
stored. Use the following statement to remove these spaces: 

$last_name = tri m( $_POST[ ' 1 ast_name ' ] ) ; 



Addinq nevO infamatian 

You use the I NSERT query (described in Chapter 4) to add new information 
to the database. I N S E RT adds a new row to a database table. The general 
format is 
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$query = "INSERT INTO tablename ( col , col , col . . . ) 

VALUES (' var ',' var ',' var '...)" ; 
t = rriysql_query($query) 
or die ("Couldn't execute query."); 



For instance, the statements to store the name and phone number that a user 
entered in a form are 

SfirstName = "Goliath"; // from form field 

SlastName = "Smith"; // from form field 

$phone = "555-555-5555"; // from form field 

$query = "INSERT INTO Member ( 1 astName , fi rstName , phone ) 

VALUES ('$lastName','$fi rstName ','$phone')"; 
$result = mysql_query($query) 

or die ("Couldn't execute query."); 

Listing 8-15 shows a program called savePhone.php that stores a name and a 
phone number from a form. 



Listing 8-1 5: Program That Stores Data from a Form 

<?php 

/* Program name: savePhone.php 

* Description: Program checks all the form fields for 

* blank fields and Incorrect format. Saves the 

* correct fields In a database. 
*/ 

?> 

<html> 

<head><t1tle>Member Phone Number</t1 tl eX/head) 

<body> 

<?php 

$f1rst_name = strl p_tags( tr1m($_P0ST[ ' f 1 rst_name' ] ) ) ; 
$last_name = str1p_tags(tr1m($_P0ST['last_name'])); 
Iphone = str1p_tags(tr1m($_P0ST[ ' phone' ])) ; 
Iphone = ereg_repl ace( " [ ) ( .-]","" ,$phone) ; 

/* check Information from the form */ 

/* set up array of field labels */ 

$label_array = array ( "f1rst_name" => "First Name", 

"last_name" => "Last Name", 

"phone" => "Phone"); 
foreach ($_POST as Ifleld => lvalue) 
I 

/* check each field for blank fields */ 

If ( lvalue == "" ) 

I 

$blank_array[$f1eld] = "blank"; 

1 

elself ( ereg( " (name) " ,$f1 eld) ) 
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if (!ereg("''[A-Za-z' -] 1 1 ,50)$" ,$_POST[$f i eld] ) ) 
$bad_forniat[$field] = "bad"; 



elseif (Ifield == "phone") 
I 

if(!ereg("'-[0-9)( -](7,20)(([xX] | (ext) | (ex) )?[ -]?[0-9] 1 1 ,7) )?$" ,$val ue) 
( 

$bad_forniat[$field] = "bad"; 



1 // end of foreach for $_POST 

/* if any fields were not okay, display error message and form */ 

if (@sizeof($blank_array) > 0 or @sizeof($bad_format) > 0) 

( 

if (@sizeof($blank_array) > 0) 
I 

/* display message for missing information */ 

echo "<b>You didn't fill in one or more required fields. 

You must enter:</b><br>" ; 
/* display list of missing information */ 
foreach($blank_array as Ifield => lvalue) 
I 

echo "    I $1 abel_array[$f i eld] l<br>" ; 



if ((asizeof($bad_format) > 0) 
I 

/* display message for bad information */ 

echo "<b>One or more fields have information that appears to 

be incorrect. Correct the format for:</b><br>" ; 
/* display list of bad information */ 
foreach($bad_format as $field => lvalue) 
I 

echo "    I $1 abel_array[$f i eld] l<br>" ; 



/* redisplay form */ 
echo "<p><hr> 

<form action='checkAll .php' method='POST'> 

<center> 

<table width='95%' border='0' cellspacing='0' cellpadding='2'> 
<tr><td align='right'><B>|$label_array['first_name']):</br></td> 
<td><input type='text' name='first_name' size='65' maxlength='65' 
value='$first_name' > </td> 

</tr> 

<tr><td align='right'><B>|$label_array['last_name']):</B></td> 
<td> <input type='text' name='last_name' size='65' maxlength='65' 
value='$last_name'> </td> 

</tr> 



(continued) 
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CtrXtd align='right'><B>{$label_array[' phone' ]l:</B></td> 
<td> <input type='text' name='phone' size='55' maxlength='65' 
value='$phone'> </td> 

</tr> 
</table> 

<p><input type=' submit' value='Subniit name and phone number') 
</form> 
</center>" ; 
exi t( ) ; 

1 

else //if data i s okay 
( 

$user="admi n" ; 
$host="l ocal host" ; 
$password=" " ; 

Idatabase = "MemberDi rectory" ; 

Sconnection = mysql_connect($host,$user,$password) 

or die ("couldn't connect to server"); 
$db = mysql_select_db($database, Sconnection) 

or die ("Couldn't select database"); 
Iquery = "INSERT INTO Member (lastName.firstName, phone) 

VALUES ( ' $1 ast_name ' , ' $f i rst_name' , ' Iphone ' ) " ; 
Iresult = mysql_query($query) 

or die ("Couldn't execute query."); 
echo "New Member added to database<br>" ; 



?> 

</body></html> 



This program builds on the program in Listing 8-14. It checks the data from 
the form for blank fields and incorrect formats, asking the user to retype the 
data when it finds a problem. If the data is okay, the program trims the data, 
cleans it, and stores it in the database. 

The program in Listing 8-15 is a demonstration program showing how to add 
a single line to a database table. If you use this program, you can only add a 
single customer to the database because this program does not create or 
insert a unique login name. You need to delete the customer that you added 
before you can run the program again. This is not a program that you would 
use to add customers in a real situation. It's just a very simple demo program 
to show the principles needed. Listing 12-3 in Chapter 12 is an example of a 
real program for adding customers that would be useful for a real Web 
application. 

Your application might need to store data in several different places. A function 
that stores data from a form can be very useful. The following is a function that 
stores all the data in a form: 
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function storeForrri($forrTidata,$tablenarTie) 
( ! i s_a rray ( $f ormdata ) ) 



return FALSE; 
exi t( ) ; 

1 

foreach (Sformdata as $field => $value) 
I 

$forrridata[$field] = trirn($forrridata[$field] ) ; 
$formdata[$field] = stri p_tags ( $f ormdata [$fi el d] ) ; 
if ($field == "phone") 
{ 

$forrndata[$field] = 

ereg_repl ace( " [ ) ( .-]","", $f ormdata [ $f i el d] ) : 

} 

$f ield_array[]=$field; 

$val ue_array[]=$formdata[$f ield] ; 

1 

$f i el ds = i mpl ode( " , " , $f i el d_array ) ; 
$values = implode('","' ,$val ue_a rray ) ; 
$query = "INSERT INTO Stablename ($fields) 

VALUES (\"$values\")" ; 
$result = mysql_query ( $query ) 

or die ("Couldn't execute query."); 
return TRUE; 



The function returns TRUE if it finishes inserting the data without an error At 
the beginning, the function checks that the data passed to it is actually an 
array. If $f ormdata is not an array, the function stops and returns FALSE. 

Notice that this function works only if the field names in the form are the 
same as the column names in the database table. Also notice that this func- 
tion assumes that you're already connected to the MySQL server and have 
selected the correct database. By using this function, here is the last part of 
the program in Listing 8-15: 

else //if data is okay 
I 

$stored = storeForm( $_POST , "Member" ) ; 
echo "New Member added to database<br>" ; 

1 

?> 

</body></html> 



Notice how much easier this program is to read with the majority of the state- 
ments in the function. Furthermore, this function works for any form as long 
as the field names in the form are the same as the column names in the data- 
base table. If the function is unable to execute the query, it stops execution at 
that point and prints the error message "Couldn't execute query". If there 
are circumstances in which the query might fail, you need to take these into 
consideration. 
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te existing information with the UPDATE query, as I describe in 
'4. Updating means changing data in the columns of rows that are 
already in the database — not adding new rows to the database table. The 
general format is 

$query = "UPDATE tablename SET col=value WHERE col=val ue" ; 
Sresult = mysql_query($query) 

or die ("Couldn't execute query."); 

For instance, the statements to update the phone number for Goliath Smith are 

SfirstName = "Goliath"; // from form field 

SlastName = "Smith"; // from form field 

$phone = "555-555-5555"; // from form field 

$query = "UPDATE Member SET phone= ' $phone ' 

WHERE 1 astName=' $1 astName ' 
AND f i rstName=' $f i rstName ' " ; 
$result = mysql_query($query) 

or die ("Couldn't execute query."); 

If you don't useaWHERE clause in an UPDATE query, the field that is S E T is set 
for all the rows. That is seldom what you want to do. 

Listing 8-16 shows a program called updatePhone.php that stores a name 
and a phone number from a form. 



Listing 8-16: Program That Updates Data 

<?php 

/* Program name: updatePhone.php 

* Description: Program checks the phone number for incorrect format. Updates 

* the phone number In the database for the specified name. 
*/ 

?> 

<html> 

<head><t1tle>Member Phone Number</ti tl eX/head) 

<body> 

<?php 

Sphone = strip_tags(trim($_POST[ ' phone '])) ; 
Sphone = ereg_repl ace( " [ ) ( .-]","" Jphone) ; 
$first_name = $_POST[ ' f i rst_name' ] ; 
$last_name = $_POST[ ' 1 ast_name' ] ; 

/* check information from the form */ 

/* set up array of field labels */ 

$label_array = array ( "first_name" => "First Name", 
"last_name" => "Last Name", 
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"phone" => "Phone"); 
foreach ($_POST as Ifield => lvalue) 



iheck each field for blank fields */ 
lvalue == "" ) 



lblank_array[lfield] = "blank"; 

1 

elseif ( ereg( " (name) " ,lf i eld) ) 
( 

if (!ereg("''[A-Za-z' -] 1 1 ,5011" ,l_POST[lf i eld] ) ) 
I 

lbad_forniat[lfield] = "bad"; 



elseif (Ifield == "phone") 
( 

if(!ereg("''[0-9)( -] 17 ,20 1 ( ( [xX] | (ext ) | (ex) )?[ -]?[0-9] (1 ,7] )?l" ,lval ue) ) 
I 

lbad_format[lfield] = "bad"; 



/* if any fields were not okay, display error message and form */ 

if (@sizeof(lblank_array) > 0 or @sizeof(lbad_format) > 0) 

( 

if (@sizeof(lblank_array) > 0) 
( 

/* display message for missing information */ 
echo "<b>You didn't fill in one or more required 

fields. You must enter:<7b><br>"; 
/* display list of missing information */ 
foreach(lblank_array as Ifield => lvalue) 
( 

echo "    I II abel_array[lf i eld] l<br>" ; 



if ((asizeof(lbad_format) > 0) 
( 

/* display message for bad information */ 

echo "<b>One or more fields have information that 

appears to be incorrect. Correct the format 

for:</b><br>"; 
/* display list of bad information */ 
foreach(lbad_format as Ifield => lvalue) 
I 

echo "    111 abel_array[lf i eld] l<br>" ; 



/* redisplay form *7 
echo "<p><hr> 
<form action='checkAll .php' method='POST'> 



(continued) 
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<center> 

able width='95%' border='0' cellspacing='0' 
cellpadding='2'> 
<tr><td align='right'> 

<b>|$label_array['first_narie']l :</b></td> 
<td><input type='text' nanie='first_nanie' size='65' 
maxlength='65' value='$first_name' > </td> 

</tr> 

<tr><td align='right'> 

<b>|$label_array['last_name']):</b></td> 
<td> <input type='text' name='last_name' size='65' 
niaxlength='65' value='$last_nanie'> </td> 

</tr> 

<tr><td align='right'> 

<b>|$label_array[ 'phone' ] 1 :</b></td> 
<td> <input type='text' name='phone' size='65' 
niaxlength='65' value='$phone'> </td> 

</tr> 

</table> g 
<p><input type='subniit' 

value='Subriit name and phone number') 

</form> 
</center>" ; 
exitO; ^^^^^ 

1 

else //If data 1 s okay 
( 

$user="admin" ; 
$host="l ocal host" ; 
$password=" " ; 

Sdatabase = "MemberDi rectory" ; 

Iconnection = mysql_connect($host,$user,$password) 

or die ("couldn't connect to server"); 
$db = mysql_select_db($database,$connection) 

or die ("Couldn't select database"); 



Iquery = "UPDATE Member SET phone='$phone' 

WHERE lastName='$last_name' AND f1rstName='$f1rst_name' 
Iresult = mysql_query($query) 

or die ("Couldn't execute query. " .mysql_error( )) ; 
echo " Member phone number has been updated<br>" ; 

1 

?> 

</body></html> 



The program in Listing 8-16, which updates the database, is almost identical 
to the program in Listing 8-15, which adds new data. Using an UPDATE query 
in this program — instead of the I NSERT query you used to add new data — 
is the major difference. Both programs check the data and then clean it 
because both programs store the data in the database. 
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s you want to receive an entire file of information from a user, sucfi 
as user resumes for your job-search Web site or pictures for your photo 
album Web site. Or, suppose that you're building the catalog from informa- 
tion supplied by Sales. In addition to descriptive text about the product, you 
want Sales to provide you with a picture of the product. You can provide a 
form that Sales can use to upload an image file. 



Usinq a form to upload the file 

You can display a form that allows a user to upload a file by using an HTML 
form designed for that purpose. The general format of the form is as follows: 

<form enctype="rnulti part/form -data" 

action = "processfne.php" niethod = "POST"> 

<input type="hidden" nanie="MAX_FI LE_SIZE" val ue="30000"> 

<input type="file" nanie="user_f i 1 e"> 

<input type="subrrii t" val ue="Upl oad File"> 
</f orm> 



Notice the following points regarding the form: 



J The enctype attribute is used in the form tag. You must set this attribute 
tomultipart/formdata when uploading a file to ensure that the file 
arrives correctly. 

V A hidden field is included that sends a value (in bytes) for 

MAX_FI LE_SIZE. If the user tries to upload a file that is larger than this 
value, it won't upload. You can set this value as high as 2MB. If you need 
to upload a file larger than that, you need to change the default setting for 
up! oad_rTiax_f i 1 esi ze in php . i ni to a larger number before sending a 
value larger than 2MB for MAX_FI LE_SIZE in the hidden field. 

The input field that uploads the file is of type file. Notice that the 
field has a name — user_f i 1 e — as do other types of fields in a form. 
The filename that the user enters into the form is sent to the processing 
program and is available in the built-in array called FILES. 1 explain the 
structure and information in FILES in the following section. 

When the user submits the form, the file is uploaded to a temporary location. 
The script that processes the form needs to copy the file to another location 
because the temporary file is deleted as soon as the script is finished. 
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Processing^ the uploaded file 



on about the uploaded file is stored in the PHP built-in array called 
An array of information is available for each file that was uploaded, 
resulting in $_FI LES being a multidimensional array. As with any other form, 
you can obtain the information from the array by using the name of the field. 
The following is the array available from $_FI LES for each file that is 
uploaded. 



$_FILES[ 'f 76 /c/name '][' name ' ] 
$_FILES[ 'ffe/c/name '][ 'type' ] 
$_FI LES[ ' fi el dname 'it' tmpjame ' ] 
$_FILES[ 'f7e/c/naf77e']['size'] 



For example, suppose that you use the following field to upload a file, as 
shown in the previous section: 



<input type="file" name="user_f i 1 e"> 



If the user uploads a file named test.txt by using the form, the resulting 
array that can be used by the processing program looks something like this: 

$_FI LES[user_f i 1 e] [name] = test.txt 
$_FI LES[user_f i 1 e] [type] = text/plain 
$_FILES[user_file][tmp_name] = D:\WINNT\php92C.tmp 
$_FILES[user_file][size] = 435 



In this array, name is the name of the file that was uploaded, type is the type 
of file, tmp_name is the path/filename of the temporary file, and 435 is the 
size of the file. Notice that name contains only the filename, but tmp_name 
includes the path to the file as well as the filename. 

If the file is too large to upload, the tmp_name in the array is set to none, 
and the size is set to 0. The processing program must move the uploaded file 
from the temporary location to a permanent location. The general format of 
the statement that moves the file is as follows: 

move_upl oaded_f i ^eipath/tempfi 1 ename , path/permfi lename) ; 

The path/tempfi / ename is available in the built-in array element 
$_FI LES['fieldname'][' tmp_f i 1 e ' ]. The path/permfi 1 ename is the 
path to the file where you want to store the file. The following statement 
moves the file uploaded in the input field, given the name user_f i 1 e, shown 
earlier in this section: 

move_upl oaded_f i 1 e( $_FI LES[ ' user_f i 1 e ' ] [ ' tmp_name ' ] , 
' c : \data\new_f i 1 e . txt ' ) ; 
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The destination directory (in this case, c:\data) must exist before the file 
can be moved to it. This statement doesn't create the destination directory. 



an be an issue when uploading files. Allowing strangers to load files 
computer is risky; malicious files are possible. You probably want 
to check the files for as many factors as possible after they're uploaded, 
using conditional statements to check file characteristics, such as expected 
file type and size. In some cases, for even more security, it might be a good 
idea to change the name of the file to something else so that users don't 
know where their files are or what they're called. 



Putting it att together 



A complete example script is shown in Listing 8-17. This program displays 
a form for the user to upload a file, saves the uploaded file, and then displays 
a message after the file has been successfully uploaded. That is, this program 
both displays the form and processes the form. This program expects the 
uploaded file to be an image file and tests to make sure that it is an image file, 
but any type of file can be uploaded. The HTML code for the form is in the 
include file shown in Listing 8-18. A Web page displaying the form is shown in 
Figure 8-15. 



Listing 8-1 7: A Script That Uploads a File by Using a POST Form 

<?php 

/* Script name: upl oadFi 1 e . php 
* Description: Uploads a file via HTTP using a POST form. 
*/ 

if ( !isset($_POST['Upload'])) #5 
I 

i ncl ude( "f orm_upl oad . i nc" ) ; 
} # endif 

el se #9 

{ 

i f ( $_FI LES[ ' pi X ' ] [ ' tmp_name ' ] == "none") #11 

{ 

echo "<b>File did not successfully upload. Check the 

file size. File must be less than 500K.<br>"; 
i ncl ude( "f orm_upl oad . i nc" ) ; 
exit( ) ; 

) 

if( !ereg(" image" , $_FI LES[ ' pi x ' ] [ ' type ' ] ) ) #16 
{ 

echo "<b>File is not a picture. Please try another 

file.</b><br>" ; 
i ncl ude( "f orm_upl oad . i nc" ) ; 
exit( ) ; 

1 

(continued) 
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] [ ' name ' ] 



estination = ' c : \data ' . " W" . $_FI LES[ ' pi x ' 
temp_file = $_FI LES[ ' pi x ' ] [ ' tmpjame ' ] ; 
move_upl oaded_f i 1 e ( $terrip_f i 1 e , $desti nati on ) ; 
echo "<p><b>The file has successfully upl oaded : </b> 
{$_FILES['pix']['name']) 
({$_FILES['pix']['size']))</p>"; 



?> 

I have added line numbers at the end of some of the lines in the script. The 
script is discussed below with reference to these line numbers: 

5 This line is an i f statement that tests whether the form has been sub- 
mitted. If not, the form is displayed by including the file containing the 
form code. The include file is shown in Listing 8-18. 

9 This line starts an el se block that executes if the form has been submit- 
ted. This block includes the rest of the script and processes the submit- 
ted form and uploaded file. 

1 1 This line is an i f statement that tests whether the file was successfully 
uploaded. If not, an error message is displayed, and the form is redis- 
played, y 

16 This line is an i f statement that tests whether the file is a picture. If not, 
an error message is displayed, and the form is redisplayed. 

23 This line starts an el se block that executes if the file has been success- 
fully uploaded. The file is moved to its permanent destination, and a 
message is displayed that the file has been uploaded. 

Listing 8-18 shows the include file used to display the upload form. 



Listing 8-18: An Include File That Displays the File Upload Form 



<! 

<htrril 
<head 
<body 
<ol>< 



< 



: f orrn_upl oad . i nc 
Displays a form to upload a 

Upload</title></head> 



</ol> 



Program Name 

Description: Displays a form to upload a file 
> 

><t1tle>F11e 
> 

11>Enter the file name of the product picture you want 
to upload or use the browse button 
to navigate to the picture file.</li> 
li>When the path to the picture file shows in the text 
field, click the Upload Picture button. </li> 
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<div al ign="center"><hr> 

nctype="rnulti part/form -data" 

acti on = " upl oadFi 1 e . php" rnethod=" POST" > 
t type="hidden" nanie="MAX_FI LE_SIZE" val ue="500000"> 

^input type="file" narne="pix" size="60"> 
<p><input type = " submit" narrie="Upl oad" 
val ue="Upl oad Picture") 

</f orm) 

</body></htnil> 




Notice that the include file doesn't contain PHP code — just HTML code. 

The form that allows users to select a file to upload is shown in Figure 8-15. 
The form has a text field for inputting a filename and a browse button that 
enables the user to navigate to the file and select it. 



Figure 8-15: 

A form that 
allows users 
to upload an 
Image file. 



3 File Upload - Microsoft Internet Explorer 



File Edit View Favorites Tools Help 



Address |£i httpV/localhost/PHPtMySaLfotOummies/uploadFite php 



3 



1 , Enter the file name of the product picture you want to upload or use the browse button to 
navigate to the picture file. 



2, When the path to the picture file shows in the text field, click the Upload Picture button. 








1 




Browse.,, | 










^ Upload Picture ) 



e} Done 



Local Intranet 
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Chapter 9 

°^°P^teglnformationfromOne 

Web Page to the Next 



In This Chapter 

^ Moving your user from one page to the next 
^ Moving information from one page to the next 
^ Adding information to a URL 
p Taking a look at cookies 
^ Using hidden form fields 
► Discovering PHP sessions 



j\Ju ost Web sites consist of more than one Web page. This includes the 
# r i static Web pages that you may have developed in the past. With static 
Web pages, users click links to move from one page to the next. Users click a 
link in one Web page, and a new Web page appears in their browser. When 
users move from page to page this way, no information is transferred from the 
first page to the second. Each new page that is sent to the user's browser is 
independent of any other pages that the user may have seen previously. With 
dynamic Web pages, you may need to transfer information from one page to 
the next. If you are an advanced HTML developer, you may have some experi- 
ence with limited methods for transferring information from one page to the 
next by using HTML forms and CGI (Common Gateway Interface) or cookies. 
However, PHP is much more powerful for passing information from Web page 
to Web page. 



Mo(/m0 \lour User from 
One Paqe to Another 

When using HTML only, you provide links so that a visitor can go from one 
page to another in your Web site. When using PHP, however, you have three 
options for moving your user from one page to the next. 
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Links: You can echo the HTML tags that display a link. The general 
format of an HTML statement that displays a link is 

href="newpage . php">Text user sees as a link</a> 



When users click the link, the program newpage . php is sent to their 
browser. This method is used extensively in HTML Web pages. You're 
likely familiar with creating links from your HTML experience, but if you 
need a refresher, find out more about links in any HTML book, such as 
HTML 4 For Dummies Quick Reference, 2nd Edition, by Deborah S. Ray 
and Eric J. Ray (Wiley). 

Form submit buttons: You can use an HTML form with one or more 
submit buttons. When the user clicks a submit button, the program in 
the form tag runs and sends a new Web page to the user's browser You 
can create a form with no fields — only a submit button — but the user 
must click the submit button to move to the next page. 

1 discuss forms and submit buttons thoroughly in Chapter 8. 

The header function: You can send a message to the Web server that 
tells it to send a new page by using the PHP header function. When 
using this method, you can display a new page in the user's browser 
without the user having to click a link or a button. 



The PHP header function can be used to send a new page to the user's 
browser The program uses a header statement and displays the new Web 
page without needing any user action. When the header statement is exe- 
cuted, the new page is displayed. The format of the header function that 
requests a new page is 



header( " Locati on : URL"); 



The file located at URL is sent to the user's browser Either of the following 
statements are valid header statements: 

headerC Locati on: newpage. php"); 

headerC Locati on: http://company.com/catalog/catalog. php") ; 



The header function has a major limitation, however The header statement 
can only be used before any other output is sent. You cannot send a message 
requesting a new page in the middle of a program after you have echoed 
some output to the Web page. See the sidebar for a discussion of "Statements 
that must come before output." 
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URLs 



A Uniform Resource Locator) is an address 
on the World Wide Web. Every Web page has 
its own URL or address. The URL is used by the 
Web server to find the Web page and send it to 
a browser. 

The format of a URL is 

HTTP : //servername: portnumber/ 
patMI'targetl string=string 

Here's a breal<down of the parts that mal<e up 
the URL: 

HJJP :// servername: This tells the 
server that the address is a Web site and 
gives the name of the computer where the 
Web site is located. Other types of transfer 
can be specified, such as FTP (File Transfer 
Protocol), but these aren't related to the 
subject of this book. If this part of the URLis 
left out, the Web server assumes that the 
computer is the same computer that the 
URL is typed on. Valid choices for this part 
are HTTP : //amazon.com or HTTP : // 
1 ocal host. Note: HTTP doesn't have to 
be in uppercase letters. 

1^ : portnumber: The Web server 
exchanges information with the Internet at 
a particular port on the computer. Most of 
the time, the Web server is set up to com- 
municate via port 80. If the port number isn't 
specified, port 80 is assumed. In some 
unusual circumstances, a Web server may 
use a different port number, in which case 
the port number must be specified. The 
most common reason for using a different 
port number is to set up a test Web site on 
another port that's available only to devel- 
opers and testers, not customers. When the 



site is ready for customers, it is made avail- 
able on port 80. 

1^ path: This is the path to the file, which fol- 
lows the rules of any path. The root of the 
path is the main Web site directory. If the 
path points to a directory, rather than a file, 
the Web server searches for a default file 
name, such as def aul t . html or i ndex . 
html. The person who administers the 
Web site sets the default file name. The 
path /catal og/show . php indicates a 
directory called catalog that is in the 
main Web site directory and a file named 
show. php. The path catalog/show, 
php indicates a directory called catal og 
that is in the current directory. 

1^ //target: An HTML tag defines a target. 
This part of the URL displays a Web page 
at the location where the target tag is 
located. For instance, if the tag <a name= 
"target"></a> is in the middle of the file 
somewhere, the Web page will be dis- 
played at the tag rather than at the top of 
the file. 

1^ ?stri ng=stri ng: The question mark 
allows information to be attached to the end 
of the URL. The information in forms that 
use the get method is passed atthe end of 
the URLintheformat f i el dname=val ue. 
You can add information to the end of a URL 
to pass it to another page. PHP automati- 
cally gets information from the URL and puts 
it into built-in arrays. You can pass more 
than one stri ng = stri ng pair by sepa- 
rating each pair with an ampersand (&): for 
example, ?state=CA&ci ty=home. 
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ents that must come before output 



^mET Pffp stafertrents can only be used before sending any output, header statements, 
setcooki e statements, and sessi on functions, all described in this chapter, must all come 
before any output is sent. If you use one of these statements after sending output, you may seethe 
following message: 

Cannot add header information - headers already sent 

The message will also provide the name of the file and indicate which line sent the previous output. 
Or you might not see a message at all; the new page might just not appear. (Whether you see an 
error message depends on what error message level is set in PHP; see Chapter 6 for details.) The 
following statements will fail because the header message is not the first output: 

<html> 

<head><title>testing header</title></head> 

<body> 

<?php 

headerC'Location: http://cornpany.com") ; 

?> 

</body> 
</html> 

Three lines of HTML code are sent before the header statement. The following statements will 
work, although they don't make much sense: 



headerC'Location: http: //company . com" ) ; 
?> 

<html> 

<head><title>testing header</title></head> 

<body> 

</body> 

</html> 

The following statements will fail: 

<?php 

header("Location: http://company.com") ; 

?> 

<html> 

<head><ti tl e>testi ng header</title></head> 
<body> 
</body> 
</htnl> 

The reason why these statements fail is not easy to see, but if you look closely, you'll notice a single 
blank space before the opening PHP tag. This blank space is output to the browser, although the 
resulting Web page looks empty. Therefore, the header statement fails because there is output 
before it. This is a common mistake and difficult to spot. 



<?php 
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In spite of its limitation, the header function can be useful. You can have as 
many PHP statements as you want before the header function as long as they 
d output. Therefore, the following statements will work: 



f ( $customer_age < 13) 

header (" Locati on : ToyCatal og . php" ) ; 
1 se 

headerC Locati on: ElectronicsCatalog.php"); 



?> 



These statements run a program that displays a toy catalog if the customer's 
age is less than 13 but run a program that displays an electronics catalog if 
the customer's age is 13 or older. 



Mo(/m0 Information from Pa^e to Pa^e 

HTML pages are independent from one another. When a user clicks a link, the 
Web server sends a new page to the user's browser, but the Web server doesn't 
know anything about the previous page. For static HTML pages, this process 
works fine. However, many dynamic applications need information to pass 
from page to page. For instance, you might want to store a user's name and 
refer to that person by name on another Web page. 

Dynamic Web applications often consist of many pages and expect the user 
to view several different pages. The period beginning when a user views the 
first page and ending when a user leaves the Web site is a session. Often you 
want information to be available for a complete session. The following are 
examples of sessions that necessitate sharing information among pages: 

Restricting access to a Web site: Suppose that your Web site is restricted 
and users log in with a password to access the site. You don't want users 
to have to log in on every page. You just want them to log in once and 
then be able to see all the pages that they want. You want users to bring 
information with them to each page showing that they have logged in and 
are authorized to view the page. You want users to log in and remain 
logged in for the whole session. 

Providing Web pages bcised on browser: Because browsers interpret 
some HTML features differently, you might want to provide different ver- 
sions of your Web pages for different browsers. You want to check the 
user's browser when the user views the first page and then deliver all 
the other pages based on the user's browser type and version. 
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With PHP, you can move information from page to page by using any of the 
following methods: 

ing information to the URL: You can add certain information to the 

of the URL of the new page, and PHP will put the information into 

built-in arrays that you can use in the new page. This method is most 
appropriate when you need to pass only a small amount of information. 

Storing information via coolcies: You can store cookies — small 
amounts of information containing variable=val ue pairs — on the 
user's computer. After the cookie is stored, you can get it from any Web 
page. However, users can refuse to accept cookies. Therefore, this 
method only works in environments where you know for sure that the 
user will have cookies turned on. 

Passing information using HTML forms: You can pass information to a 
specific program by using a form tag. When the user clicks the submit 
button, the information in the form is sent to the next program. This 
method is very useful when you need to collect information from users. 

Using PHP session functions: Beginning with PHP 4, PHP functions are 
available that set up a user session and store session information on the 
server; this information can be accessed from any Web page. This 
method is very useful for sessions in which you expect users to view 
many pages. 



Adding^ information to the URL 

A simple way to move information from one page to the next is to add the 
information to the URL. Put the information in the following format: 

variable= va / ue 

The var1 able is a variable name, but do not use a dollar sign ($) in it. The 
va 1 ue is the value to be stored in the variable. You can add the 
variable = val ue pairs anywhere that you use a URL. You signal the start of 
the information with a question mark (?). The following statements are all 
valid ways of passing information in the URL: 

<forrTi acti on = "nextpage . php?state=CA" rTiethod=" POST"> 

<a href="nextpage . php?state=CA">go to next page</a> 

headerC'Location: nextpage.php?state=CA") ; 

You can add several variable=value pairs, separating them with ampersands 
(&) as follows: 

<forrn acti on = " next page . php?state=CA&ci ty=horrie" rnethod = " POST"> 
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Here are two reasons why you might not want to pass information in the URL: 
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rity: The URL is shown in the address line of the browser, which 
ns that the information that you attach to the URL is also shown. If 
the information needs to be secure, you don't want it shown so publicly. 
For example, if you're moving a password from one page to the next, you 
probably don't want to pass it in the URL. Also, the URL can be book- 
marked by the user. There may be reasons why you don't want your 
users to save the information that you add to the URL. 

Length of string: There is a limit on the length of the URL. The limit dif- 
fers for various browsers and browser versions, but there is always a 
limit. Therefore, if you're passing a lot of information, there may not be 
room for it in the URL. 



Adding information to the URL is very useful for quick, simple data transfer For 
instance, suppose that you want to provide a Web page where users can update 
their phone numbers. You want the form to behave in the following way: 



\. When the user first displays the form, the phone number from the data- 
base is shown in the form so that the user can see what number is cur- 
rently stored in the database. 

2. When the user submits the form, the program checks the phone number 
to see whether the field is blank or whether the field is in a format that 
could not possibly be a phone number. 

3. If the phone number checks out okay, the number is stored in the 
database. | 

4. If the phone number is blank or has bad data, the program redisplays 
the form. However, this time you don't want to show the data from the 
database. Instead, you want to show the bad data that the user typed 
and submitted in the form field. 



The di spl ayPhone . php program in Listing 9-1 shows how to use the URL 
to determine whether this is the first showing of the form or a later showing. 
The program shows the phone number for the user's login name and allows 
the user to change the phone number. 



Listing 9-1 : Program That Displays Phone Number in Form 

<?php 

/* Program name: displayPhone.php 

* Description: Displays a phone number retrieved from the database and 

* allows the user to change the phone number. 
*/ 

?> 

<html> 

<head><title>Display phone number</title></head> 



(continued) 
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Listing 9-1 (continued) 




$password=" " ; 

$database="MeniberDi rectory" ; 

SloginName = "gsmith"; // passed from previous page 
Sconnection = niysql_connect($host,$user,$password) 

or die ("couldn't connect to server"); 
$db = mysql_select_db($database, Sconnection) 

or die ("Couldn't select database"); 

if ((a$_GET[ 'first'] == "no") 
( 

Iphone = $_POST['phone']; 

if (!ereg("''[0-9)( -]|7,Z0)(([xX] | (ext) | (ex))?[ -]?[0-9] 1 1 ,7) )?$" Jphone) 
or Iphone == " " ) 

{ 

echo "<p align='center'>Phone number does not 
appear to be valid. <br>"; 

1 

else 
( 

Iquery = "UPDATE Member SET phone='$phone' 

WHERE loginName='$loginName' " ; 
Iresult = mysql_query($query) 

or die ("Couldn't execute query."); 
echo "Phone number has been updated . <br>" ; 
exit( ) ; 

1 

1 

el se 

( 

Iquery = "SELECT phone EROM Member WHERE loginName='$loginName' " ; 
Iresult = mysql_query($query) 

or die ("Couldn't execute query."); 
$row = mysql_fetch_array($result) ; 
extract($row) ; 

1 

/* Display user phone in a form */ 
echo "<br><p align='center'> 

<font size='+r><b>Please check the phone number 

below and correct it if necessary. </b></font> 

<hr> 

<form action='displayPhone.php?first=no' method='POST'> 
<div align='center'> 

<table width='50%' border='0' cellspacing='0' cellpadding='2'> 
<tr><td align='right'><B>$loginName</br></td> 

<td align='center'><input type='text' name='phone' 

size='20' maxlength='20' value='$phone' > </td> 

</tr> 
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<tr><td></td><td align='center'> 

<br><input type='submit' value='Submit phone number ' ></td> 
</tr> 
</table> 
/form)" ; 
?> 

</body></html> 

Notice the following key points about this program: 

The same program displays and processes the form. The name of this 
program is di spl ayPhone . php. Notice that the form tag includes 
action=displayPhone.php, meaning that when the user clicks the 
submit button, the same program runs again. 

V Information is added to the URL. The form tag includes 

acti on=di spl ayPhone . php?f i rst=no. When the user clicks the submit 
button and displayPhone.php runs the second time, a variable $ f i r s t 
is passed with the value "no". 

The value that was passed for f i rst in the built-in $ GET array is 
checked at the beginning of the program. This is to see whether this is 
the first time that the program has run. 

If $ GET[f i rst] equals "no", the phone number is checked. 

$_G ET [ f i r s t ] only equals n o if the form is being submitted. 
$_GET[f i rst] does not equal no if this is the first time through the 
program. 

• If the phone number is okay, it is stored in the database, and the 
program ends. 

• If the phone number is not okay, an error message is printed. 

If $ GET[f i rst] does not equal "no", the phone number is retrieved 
from the database. In other words, if $_GET[f i rst] doesn't equal no, it 
is the first time that the program has run. The program should get the 
phone number from the database. 

If the program reaches the statements that display the form, the form 
is displayed. If this is not the first time through the program and a 
phone number was submitted and was okay, the phone number is stored 
in the database, and the program stops. It never reaches the statements 
that display the form. In all other cases, the form is displayed. 

The form displayed by the program in Listing 9-1 is shown in Figure 9-1. This 
shows what the Web page looks like the first time that it's displayed. Notice 
that the URL in the browser address field doesn't have any added information. 

Figure 9-2 shows the results when a user types a nonsense phone number in 
the form in Figure 9-1. Notice that the URL in the browser address field now 
has ?first=no added to the end of it. 
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3 Display phone number - Microsoft Internet Explorer 



File Edit View Favorites Jools Help 

stop Refresh Home ' Search Favorites History | Ivlail Print Edit ReaLcom 



Figure 9-1: 

HTML form 
to update 
a phone 
number. 



Tittp /,'|arietval.san.rr.com/PHP&M>iSQLforDummies/disp!ayPhone.php 



"3 ^Gq |jUnks»|] » 



^ Done 



Hease check the phone number below and correct it if necessary. 



gsmith 



1123-123-1234 
Submit phone number 



Figure 9-2: 

HTML form 
when a user 
submits a 
nonsense 
phone 
number. 



3 Display phone number - Microsoft Internet Explorer 



File Edit View Favorites Tools Help 



Back j-'r Stop Refresh Home Search Favorftes History Mai Print Edit ReaLcom 



Address ]0} http7/|anetval.san.fr.corn/PHP?<MvSQLtorDummiei/displayPhone.php?[ijst=r 



~T] ^>Go 1 1 Unks **l I » 



^ Done 



Phone niiinber does not appear to be valid. 
Please check the phone number below and correct it if necessaiy. 



gsmidi 



|123-123-)co<x 
^ Submit phone number 
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tore information as cookies. Cookies are small amounts of information 
gvariable=value pairs, similar to the pairs that you can add to a 
URL. The user's browser stores cookies on the user's computer Your applica- 
tion can then get the cookie from any Web page. Why these are called cookies 
is one of life's great mysteries. Perhaps they're called cookies because they 
seem at first glance to be a wonderful thing, but on closer examination, you 
realize that they aren't that good for you. For some people in some situations, 
cookies are not helpful at all. 

At first glance, cookies seem to solve the entire problem of moving data from 
page to page. Just stash a cookie on the user's computer and get it whenever 
you need it. In fact, the cookie can be stored so that it remains there after the 
user leaves your site and will still be available when the user enters your Web 
site again a month later Problem solved! Well, not exactly. Cookies are not 
under your control: They're under the user's control. The user can at any time 
delete the cookie. In fact, users can set their browsers to refuse to allow any 
cookies. And many users do refuse cookies or routinely delete them. Many 
users aren't comfortable with the whole idea of a stranger storing things on 
their computers, especially files that remain after they leave the stranger's 
Web site. It's an understandable attitude. However, it definitely limits the use- 
fulness of cookies. If your application depends on cookies and the user has 
turned off cookies, your application won't work for that user 

Cookies were originally designed for storing small amounts of information for 
short periods of time. Unless you specifically set the cookie to last a longer 
period of time, the cookie will disappear when the user leaves your Web site. 
Although cookies are useful in some situations, you're unlikely to need them 
for your Web database application for the following reasons: 



Users may set their browsers to refuse cookies. Unless you know for 
sure that all your users will have cookies turned on or you can request 
that they turn on cookies (and expect them to follow your request), 
cookies are a problem. If your application depends on cookies, it won't 
run if cookies are turned off. 

PHP has features that work better than cookies. Beginning with PHP 4, 
PHP includes functions that create sessions and store information that's 
available for the entire session. This session feature is more reliable and 
much easier to use than cookies for making information available to all 
the Web pages in a session. Sessions don't work for long-term storage of 
information, but MySQL databases can be used for that. 

You can store data in your database. Your application includes a database 
where you can store and retrieve data, which is usually a better solution 
than a cookie. Users can't delete the data in your database unexpectedly. 
Because you're using a database in this application, you can use it for any 
data storage needed, especially long-term data storage. Cookies are more 
useful for applications that don't make use of a database. 
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You store cookies by using the setcookie function. The general format is 

ki e( " variable" , " va lue" ) ; 



abl eis the variable name, but do not include the dollar sign ($). 
This statement stores the information only until the user leaves your Web 
site. For instance, the following statement 



setcooki e( "state" , "CA" ) ; 



stores CA in a cookie variable named state. After you set the cookie, the 
information is available to your other PHP programs in the element of a built- 
in array as $_COOKI E [state]. You don't need to do anything to get the infor- 
mation from the cookie. PHP does this automatically. The cookie is not 
available in the program where it is set. The user must go to another page or 
redisplay the current page before the cookie information can be used. 




The cookies are also available in an array called $HTTP_COOKI E_VARS with 
the variable names as keys. For instance, the value in the cookie set in the 
previous example can also be used as $HTTP_COOKI E_VARS[ 'state ' ]. This 
built-in array must be used if you are using a version of PHP that is earlier 
than PHP 4.1. 



If you want the information stored in a cookie to remain in a file on the user's 
computer after the user leaves your Web site, set your cookie with an expira- 
tion time, as follows: g 

set<zoo\^'\e{" variable" ," value" , exp1 retime) ; 

The exp1 retime value sets the time when the cookie will expire. exp1 re 
1 1 me is usually set by using either the time or m kt i me function as follows: 

time: This function returns the current time in a format that the com- 
puter can understand. You use the ti me function plus a number of sec- 
onds to set the expiration time of the cookie, as shown in the following 
statements: 

setcookie( "state" , "CA" ,time( )+3600) ; //expires in 1 hour 
setcookie( "Name" , $Name , time( )+(3*86400) ) // exp in 3 days 

mkti me: This function returns a date and time in a format that the com- 
puter can understand. You must provide the desired date and time in the 
following order: hour, minute, second, month, day, and year If any value is 
not included, the current value is used. You use the mkti me function to set 
the expiration time of the cookie, as shown in the following statements: 

setcooki e( "state" , "CA" ,mktime(3 , 0 , 0 ,4 , 1 , 2003 ) ) ; 

//expires at 3:00 AM on April 1, 2003. 
setcooki e( "state" , "CA" ,mktime( 12 , 0 , 0 , , , ) ) ; 
//expires at noon today 
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You can remove a cookie by setting its value to nothing. Either of the follow- 
ing statements removes the cookie: 




iki e( "name" ) ; 
c"TOki e( "name" , " " ) ; 



The setcookie function has a major limitation, however. The setcookie 
function can only be used before any other output is sent. You cannot set a 
cookie in the middle of a program after you have echoed some output to the 
Web page. See the sidebar "Statements that must come before output," else- 
where in this chapter 



Passing information With HTML forms 

The most common way to pass information from one page to another is by 
using HTML forms. An HTML form is displayed with a submit button. When 
the user clicks the submit button, the information in the form fields is passed 
to the program included in the form tag. The general format is 



<form action="processform.php" method="POST"> 
tags for one or more fields 
<input type="submit" val ue="stri ng"> 




^/ Torm> 







The most common use of a form is to collect information from users (which I 
discuss in detail in Chapter 8). However, forms can also be used to pass other 
types of information using hidden fields, which are added to the form and 
sent with the information that the user typed in. In fact, you can create a form 
that has only hidden fields. You always need a submit button, and the new 
page doesn't display until the user clicks the submit button, but you don't 
need to include any fields for the user to fill in. 

For instance, the following statements pass the user's preferred background 
color to the next page when the user clicks a button named Next Page: 

<?php 

$color = "blue"; //passed via a user form 

echo "<form acti on= ' nextpage . php ' method= ' POST ' > 

<input type= ' hi dden ' name='color' val ue= ' $col or ' > 
<input type= ' submi t ' value='Next Page') 
</f orm>\n" ; 

?> 

The Web page shows a submit button labeled Next Page, but it doesn't ask 
the user for any information. When the user clicks the button, next page, php 
runs and can use the array element $_POST[col or], which contains "bl ue". 
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is the time that a user spends at your Web site. Users can view 
many Web pages between the time when they enter your site and then leave 
it. Often you want information to follow the user around your site so that it's 
available on every page. PHP, beginning with version 4.0, provides a way to 
do this. 



Ho(jO PHP sessions Work 

PHP enables you to set up a session on one Web page and save variables as 
session variables. Then you open the session in any other page, and the ses- 
sion variables are available for your use in the built-in arrays $_SESS I ON. To 
do this, PHP does the following: 

1. Assigns a session ID number: The number is a really long, nonsense 
number that is unique for the user and that no one could possibly guess. 
The session ID is stored in a PHP system variable named PHPSESSID. 

2. Stores session variables in a file on the server: The file is named with 
the session ID number. The file is stored in Xtmp on Unix/Linux; in 
Windows, it's stored in a directory called sessiondata under the direc- 
tory where PHP is installed. 




If you are the PHP administrator, you can change the location where the 
session files are stored by editing the configuration file php . i ni . Find 
the setting forsession.save_path and change the path to the location 
where you want to store the files. 



3. Passes the session ID number to every page: If the user has cookies 
turned on, PHP passes the session ID using cookies. If the user has cook- 
ies turned off, PHP passes the session ID in the URL for links or in a 
hidden variable for forms that use the post method. 

4. Gets the variables from the session file for each new session page: 

Whenever a user opens a new page that is part of the session, PHP gets 
the variables from the file by using the session ID number that was 
passed from the old page and puts them into the built-in array 
$_SESSION. You can use the array elements with the variable name as 
the key, and they have the value that you assigned in the previous page. 




Sessions do not work unless t r a c k_v a r s is enabled. As of PHP 4.0.3, 
track vars is always turned on. For versions previous to 4.0.3, the option 
-enabletrackvars should be used when installing PHP. 
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If users have cookies turned off, sessions do not work unless trans sid is 
turned on. You find out fiow to turn trans sid on and off later in the section, 
IP session variables." 



Opening sessions 

You should open a session on each Web page. Open the session with the 
session_start function, as follows : 

sessi on_start( ) ; 

The function first checks for an existing session ID number If it finds one, it 
sets up the $_SESSION array. If it doesn't find one, it starts a new session by 
creating a new session ID number. 

Because sessions use cookies if the user has them turned on, sessi on_start 
is subject to the same limitation as cookies. That is, the sessi on_sta rt func- 
tion must be called before any output is sent. For complete details, see the 
sidebar "Statements that must come before output," elsewhere in this chapter. 

You can tell PHP that every page on your site should automatically start 
with a sessi on_st art. To do this, edit the configuration file php . i ni . If you 
are the PHP administrator, you can edit this file; otherwise, ask the adminis- 
trator to edit it. Look for the variable s e s s i o n . a u t o_s t a r t and set its value 
to 1 . You might have to restart the Web server before this takes effect. With 
auto_start turned on, you don't need toaddasession_startatthe begin- 
ning of each page. 



Usin^ PHP session i/ariabtes 

When you want to save a variable as a session variable — that is, available to 
other Web pages that the user might visit — save it in the $_S E S S 1 0 N array as 
follows: 

$_SESSION[ ' i/aryaZ^/ename' ] = value; 

The variable value is then available inthe$_SESSION array on other Web 
pages. For example, you can store the state where the user lives by using the 
following statement: 

$_SESSION['state'] = "CA"; 

You can then use$_SESSION['state'] in any other Web page, and it will 
have the value CA. 
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The following two programs show how to use sessions to pass information 
from one page to the next. The first program, sessi onTestl . php in 

2, shows the first page where the session begins. Listing 9-3 shows 
ram sessi onTest2 . php for the second page in a session. 



Listing 9-2: Starting a Session 

<?php 

sessi on_start( ) ; 

?> 

<html> 

<head><ti tl e>Testi ng Sessions page K/ti tl e></head> 

<body> 

<?php 

$_SESSION [' sessi on_var ' ] = "testing"; 

echo "This is a test of the sessions feature. 

<forrri acti on= ' sessi onTest2 . php ' rnethod= ' POST ' > 

<input type= ' hi dden ' narTie= ' f orni_var ' 
val ue= ' testi ng ' > 

<input type= ' submi t ' value='go to next page'> 

</f orrn>" ; 

?> 

</body></htrril> 



Notice that two variables are set in this program to be passed to the second 
page. The session variable s e s s i o n_v a r is created. In addition, a form is dis- 
played with a hidden variable f orni_va r, which is also passed to the second 
page when the submit button is pressed. Both variables are set to 
"testi ng". 



Listing 9-3: The Second Page of a Session 

<?php 

sessi on_start( ) ; 

?> 

<htrril> 

<head><ti tl e>Testi ng Sessions page 2</ti tl e></head> 

<body> 

<?php 

echo "session_var = { $_SESSION[ ' sessi on_var '] )<br>\n" ; 
echo "forrri_var = { $_POST[ ' f orrn_var ' ] )<br>\n " ; 

?> 

</body></htrril> 

Point your browser at sessi onTestl. php and then click the submit button 
that reads Go to Next Page. You will then see the following output from 

sessi onTestZ .php: 

session_var = testing 
forrri_var = testing 
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Because sessions work differently for users witfi cookies turned on and for 
users with cookies turned off, you sfiould test tfie two programs in botfi con- 
o turn off cookies in your browser, you cfiange tfie settings for 
r preferences. 



To disable cookies in Internet Explorer, follow these steps: 

1. Choose ToolsOInternet Options. 

The Internet Options dialog box opens. 

2. Click tlie Security tab in IE 5.5 or the Privacy tab in IE 6. 

3. Click the Internet icon to highlight it. 

4. Click the Custom Level button. 

The Security Settings dialog box appears. 

5. Scroll down to the Cookies section and select Disable for each of the 
cookie settings. 

6. Click OK. 

To disable cookies in Netscape Navigator, follow these steps: 

1. Choose EditOPreferences. 

2. Highlight Advanced. 



3. Mark Disable Cookies. 

4. Click OK. 



I 



If the output from sessionTest2 shows a blank value for $sessi on_var 
when you turn cookies off in your browser, it is probably because trans sid 
is not turned on. You can turn on t r a n s - s i d in your p h p . i n i file. Find the 
following line: 

sessi on . use_trans_si d = 0 

Change the 0 to 1 to turn on t r a n s - s i d . If you can't get this problem fixed, 
you can still use sessions, but you must pass the session ID number in your 
programming statements because PHP won't pass it automatically when 
cookies are turned off. For details on how to use sessions when transsid is 
not turned on, check out the next section. 



For PHP 4.1.2 or earlier, trans sid is not available unless it was enabled by 
using the option -enabletranssid when PHP was compiled. 
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rs turn off cookies in their browsers. PHP checks the user's browser 
ether cookies are allowed and behaves accordingly. If the user's 
browser allows cookies, PHP does the following: 



I 



Sets the variable $PHPSESSID equal to the session ID number 
1^ Uses cookies to move $PHPSESSID from one page to the next 



If the user's browser is set to refuse cookies, PHP does the following: 

1^ Sets a constant called SID. The constant contains avariable=value 
pair that looks like PHPSESSID=1 ongstri ngof numbers. 

Might or might not move the session ID number from one page to the 
next, depending on whether trans sid is turned on. If it is turned on, 
PHP passes the session ID number; if it is not turned on, PHP does not 
pass the session ID number. 

Turning on trans sid has advantages and disadvantages. The advantage is 
that sessions work seamlessly even when users turn cookies off. It also is much 
easier to program sessions with transsid turned on. The disadvantage is 
that the session ID number is often passed in the URL. In some situations, the 
session ID number should not be shown in the browser address. Also, when 
the session ID number is in the URL, it can be bookmarked by the user. Then, 
if the user returns to your site by using the bookmark with the session ID 
number in it, the new session ID number from the current visit can get con- 
fused with the old session ID number from the previous visit and possibly 
cause problems. 



Sessions ufitfi trans-sid turned on 

When transsid is turned on and the user has cookies turned off, PHP auto- 
matically sends the session ID number in the URL or as a hidden form field. If 
the user moves to the next page by using a link, a header function, or a form 
with the get method, the session ID number is added to the URL. If the user 
moves to the next page by using a form with the post method, the session ID 
number is passed in a hidden field. PHP recognizes $PHPSESSIDas the ses- 
sion ID number and handles the session without any special programming on 
your part. 

The session ID number is only added to the URLs for pages on your own Web 
site. If the URL of the next page includes a server name, PHP assumes that 
the URL is on another Web site and doesn't add the session ID number. For 
instance, if your link statement is 

<a href="newpage . php"> 
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PHP will add the session ID number. However, if your statement is 

f ="HTTP : //www .company.com/newpage.php") 
not add the session ID number. 



Sessions u/itfiout tmns-sid turned on 

When transsidis not turned on, PHP does not send the session ID number 
to the next page when users have cookies turned off. Rather, you must send 
the session ID number yourself. 

Fortunately, PHP provides a constant that you can use to send the session 
ID yourself. A constant is a variable that contains information that can't be 
changed. (Constants are described in Chapter 6.) The constant that PHP pro- 
vides is named S I D and contains avariable=value pair that you can add to 
the URL, as follows: 

<a href="nextpage . php?<?php echo SID?>" > next page </a> 

This link statement adds a question mark (?) and the constant S I D to the URL. 
S I D contains the session ID number formatted as variable=value. The 
output from echo SID looks something like this: 

PHPSESSID=877c22163d8df9deb342c7333cfe38a7 



Therefore, the URL that is sent is 



<a href="nextpage.php?PHPSESSID=877c22163d8df9deb34Zc7333cfe38a7> 
next page </a> 



For one of several reasons (which I discuss in the section "Adding informa- 
tion to the URL," earlier in this chapter), you may not want the session ID 
number to appear on the URL shown by the browser. To prevent that, you 
can send the session ID number in a hidden field in a form by using the post 
method. First, get the session ID number; then send it in a hidden field. The 
statements to do this are 



<?php 

$PHPSESSID = session_id( ) ; 

echo "<forrn acti on= ' nextpage . php ' rriethod= ' POST ' > 
<input type= ' hi dden ' narne=' PHPSESSID' 

value='$PHPSESSID'> 
<input type= ' submi t ' value='Next Page'> 
</f orm)" ; 
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e the session ID number in a variable called $PHPSESSID.Use the 
tion sessi on_i d, which returns the current session ID number. 



2. Send $PH PS ESS ID in a hidden form field. 



On the new page, PHP will automatically use $PHPSESSIDto get any session 
variables without any special programming needed from you. 



Making sessions prii/ate 

PHP session functions are ideal for Web sites that are restricted and require 
users to log in with a login name and password. Those Web sites undoubtedly 
have many pages, and you don't want the user to have to log in to each page. 
PHP sessions can keep track of whether the user has logged in and refuse 
access to users that aren't logged in. You can use PHP sessions to do the 
following: 

1. Show users a login page. 

2. If a user logs in successfully, set and store a session variable. 

3. Whenever a user goes to a new page, check the session variable to see 
whether the user has logged in. 

4. If the user has logged in, show the page. 

5. If the user has not logged in, bring up the login page. 

To check whether a user has logged in, add the following statements to the 
top of every page: 

<?php 

sessi on_start( ) 

if ( @$_SESSION[ ' 1 ogin ' ] != "yes" ) 
{ 

header("Location: loginPage.php") ; 
exit( ) : 

) 

?> 

In these statements, $_SESSION[login] is a session variable that is set 
to "yes " when the user logs in. The statements check whether 
$_SESSION [ login] is equal to "yes ". If it is not, the user is not logged 
in and is sent to the login page. lf$_SESSION[login] equals "yes", the 
program proceeds with the rest of the statements on the Web page. 
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acted sessions that users log into, you often want users to log out 
'y're finished. To close a session, use the following statement: 



sessi on_destroy ( ) 



This statement gets rid of all the session variable information that is stored 
in the session file. PHP no longer passes the session ID number to the next 
page. However, the statement does not affect the variables currently set on 
the current page: They still equal the same values. If you want to remove the 
variables from the current page — as well as prevent them from being passed 
to the next page — unset them with this statement: 



unset($_SESSION ); 
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In this part . . . 

#n this part, you find out how to take the planning and 
<C getting started information from Part I, the MySQL 
information from Part II, and the PHP information from 
Part III — and put it all together into a whole Web data- 
base application. Chapters 11 and 12 present two sample 
applications, complete with their databases and all their 
PHP programs. 
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In This Chapter 

^ Organizing your whole application 

Organizing individual programs 
^ Making your application secure 
^ Documenting your application 



The previous chapters of this book provide you with the tools that you 
need to build your Web database application. In Part I, you find out how 
PHP and MySQL work and how to get access to them. In addition, you dis- 
cover what needs to be done to build your application and in what order to 
do it. In Part 11, you find out how to build and use a MySQL database. In Part 
111, you discover what features PHP has and how to use them. In addition, this 
part also explains how to show information in a Web page, collect informa- 
tion from users, and store information in a database. Now you're ready to put 
it all together. 

In this chapter, 1 show you how to put all the pieces together into a complete 
application. To do this, you need to 

1^ Organize the application 

Make sure that the application is secure 
*^ Document the application 

Here, 1 describe each of these steps in detail. 



Or^anizin^ the Application 

Organizing the application is for your benefit. As far as PHP is concerned, the 
application could be 8 million PHP statements all on one line of one computer 
file. PHP doesn't care about lines, indents, or files. However, humans write 
and maintain the programs for the application, and humans need organiza- 
tion. Applications require two levels of organization: 
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Iy The application level: Most applications need more than one program 
to deliver complete functionality. You must divide the functions of the 



ication into an organized set of programs. 



program level: Most programs perform more than one specific 
m task. You must divide the tasks of the program into sections within the 
I program. 




Or^anizin^ at the application te(/et 

In general, Web database applications consist of one program per Web page. 
For instance, you might have a program that provides a form to collect infor- 
mation and a program that stores the information in a database and tells the 
user that the data has been stored. 

Another basis for organization is one program per major task. For instance, 
you might have a program to present the form and a program that stores the 
data in a database. For Web applications, most major tasks involve sending a 
Web page. Collecting data from the user requires a Web page for the HTML 
(HyperText Markup Language) form; providing product information to cus- 
tomers requires Web pages; and when you store data in a database, you usu- 
ally want to send a confirmation page to the user that the data was stored. 

One program per Web page or one program per major task is not a rule but 
merely a guideline. The only rule regarding organization is that it must be 
clear and easy to understand. And that's totally subjective. Still, the organiza- 
tion of an application such as the Pet Catalog need not be overly compli- 
cated. Suppose that the Pet Catalog design calls for the first page to list all 
the pet types — such as cat, dog, and bird — that the user can select from. 
Then, after the user selects a type, all the pets in the catalog for that type are 
shown on the next Web page. A reasonable organization would be two pro- 
grams: one to show the page of pet types and one to show the pets based on 
the pet type that was chosen. 

Here are a few additional pointers for organizing your programs: 

Choose very descriptive names for the programs in your application. 

Program names are part of the documentation that makes your applica- 
tion understandable. For instance, useful names for the Pet Catalog pro- 
grams might be ShowPetTypes . php and ShowPets . php. It's usual, but 
not a requirement, to begin the program names with an uppercase letter. 
Case isn't important for program names on Windows computers, but it's 
very important on Unix/Linux computers. Pay attention to the upper- 
lowercase letters so that your programs can run on any computer if 
needed. 
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Put program files into subdirectories with meaningful names. For 

instance, put all the graphic files into a directory called images. If you 



have three files, you may be okay with only one directory, but look- 
hrough dozens of files for one specific file can waste a lot of time. 



Orqamzlnq at the pro^mm tei/et 

A well-organized individual program is very important for the following 
reasons: 



It's easier for you to write. The better organized your program is, the 
easier it is for you to read and understand it. You can see what the pro- 
gram is doing and find and fix problems faster. 

1^ It's easier for others to understand. Others may need to understand 
your program. After you claim that big inheritance and head off to the 
South Sea Island that you purchased, someone else will have to maintain 
your application. 

It's easier for you to maintain. No matter how thoroughly you test it, 
your application is likely to have a problem or two. The better organized 
your program is, the easier it is for you to find and fix problems, espe- 
cially six months later 

It's easier to change. Sooner or later, you or someone else will need to 
change the program. The needs of the user may change. The needs of the 
business may change. The technology may change. The ozone layer may 
change. For one reason or another, the program will need to be changed. 
Figuring out what the program does and how it does it so that you can 
change it is much easier if it is well organized. I guarantee that you won't 
remember the details; you just need to be able to understand the program. 

The following rules will produce well-organized programs. 1 hesitate to call 
them rules because there can be reasons in any specific environment to break 
one or more of the rules, but 1 strongly recommend thinking carefully before 
breaking any of the following rules: 

Divide the statements into sections for each specific task. Start each 
section with a comment describing what the section does. Separate sec- 
tions from each other by adding blank lines. For instance, for the Pet 
Catalog, the first program might have three sections for three tasks: 

1. Echo introductory text, such as the page heading and instruc- 
tions. The comment before the section might be/* opening 
text */. If the program echoes a lot of complicated text and 
graphics, you might make it into more than one section, such as /* 

title and logo */ and /* instructions */. 
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Get a list of pet types from the database. If this section is long and 
complicated, you can divide it into smaller sections, such as 1) 
connect to database; 2) execute SELECT query; and 3) put data into 
variables. 

Create a form that displays a selection list of the pet types. Forms 
are often long and complicated. It can be useful to have a section 
for each part of the form. 

Use indents. Indent blocks in the PHP statements. For instance, indent 
i f blocks and while blocks as 1 have done in the sample code for this 
book. If blocks are nested inside other blocks, indent the nested block 
even further It's much easier to see where blocks begin and end when 
they're indented, which in turn makes it easier to understand what the 
program does. Indenting the HTML statements can also be helpful. For 
instance, if you indent the lines between the open and close tags for a 
form or between the < t a b 1 e > tag andthe</table> tag, you can more 
easily see what the statements are doing. 

Use comments liberally. Definitely add comments at the beginning that 
explain what the program does. And add comments for each section. 
Also, comment any statements that you think aren't obvious or state- 
ments where you think you may have done something in an unusual 
way. If it took you a while to figure out how to do it, it's probably worth 
commenting. Don't forget short comments on the end of lines; some- 
times just a word or two can help. 

Use simple statements. Sometimes programmers get carried away with 
the idea of concise code to the detriment of readability. Nesting six func- 
tion calls inside each other may save some lines and keystrokes, but it 
will also make the program more difficult to read. 

Reuse blocks of statements. If you find yourself typing the same ten lines 
of PHP statements in several places in the program, you can move that 
block of statements into another file and call it when you need it. One line 
in your program that reads getData( ) is much easier to read than ten 
lines that get the data. Not only that, if you need to change something 
within those lines, you can change it in one external file instead of having 
to find and change it a dozen different places in your program. There 
are two ways to reuse statements: functions and i ncl ude statements. 
Chapter 7 explains how to write and use functions. The following two sec- 
tions explain the use of functions and i ncl ude statements in program 
organization. 

Use constants. If your program uses the same value many times, such as 
the sales tax for your state, you can define a constant in the beginning of 
the program that creates a constant called CA_SALES_TAX that is . 97 
and use it whenever it's needed. Defining a constant that gives the 
number a name helps anyone reading the program understand what the 
number is — plus, if you ever need to change it, you only have to change 
it in one place. Constants are described in detail in Chapter 6. 
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Usin^ include statements 

P^|P allows you to put statements into an external file — that is, a file sepa- 
®i your program — and to insert the file wherever you want it in the 
'rl)^3»f by using an i ncl ude statement, i ncl ude files are very useful for 
storing a block of statements that is repeated. You add an i ncl ude statement 
wherever you want to use the statements instead of adding the entire block 
of statements at several different locations. It makes your programs much 
shorter and easier to read. The format for an i ncl ude statement is 



incl ude( "fi 1 ename" ) ; 



The file can have any name. 1 like to use the extension .inc. The statements 
in the file are included, as-is, at the point where the i ncl ude statement is 
used. The statements are included as HTML, not PHP. Therefore, if you want 
to use PHP statements in your i ncl ude file, you must include PHP tags in the 
i ncl ude file. Otherwise, all the statements in the i ncl ude file are seen as 
HTML and output to the Web page as-is. 

Here are some ways to use include files to organize your programs: 

1^ Put all or most of your HTML into 1 ncl ude files. For instance, if your 
program sends a form to the browser, put the HTML for the form into 
an external file. When you need to send the form, use an incl ude state- 
ment. Putting the HTML into an i ncl ude file is a good idea if the form 
is shown several times. It is even a good idea if the form is shown only 
once because it makes your program much easier to read. The programs 
in Chapters 11 and 12 put HTML code for forms into separate files and 
include the files when the forms are displayed. 

Store the information needed to access the database in a file separate 
from your program. Store the variable names in the file as follows: 

<?php 

$host="l ocal host" ; 
$user=" root" ; 
$password=" " ; 
?> 



Notice that this file needs the php tags in it because the include state- 
ment inserts the file as HTML. Include this file at the top of every program 
that needs to connect to the database. If any of the information (such as 
the password) changes, just change the password in the include file. You 
don't need to search through every program file to change the password. 
For a little added security, it's a good idea to use a misleading filename, 
rather than something obvious like secret_passwords. inc. 
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1^ Put your functions in i ncl ude files. You don't need the statements for 
functions in the program; you can put them in an i ncl ude file. If you 
a lot of functions, organize related functions into several i ncl ude 
such as data_f uncti ons . i nc and f orm_f uncti ons . i nc. Use 
ude statements at the top of your programs, reading in the func- 
tions that are used in the program. 

1^ Store statements that all the files on your Web site have in common. 

Most Web sites have many Web pages with many elements in common. 
For instance, all Web pages start with <htnil >, <head>, and <body> tags. 
If you store the common statements in an i ncl ude file, you can include 
them in every Web page, ensuring that all your pages look alike. For 
instance, you might have the following statements in an i ncl ude file: 



<htnil> 

<head><title><?php echo $title ' 

<body topmargi n="0"> 

<p al i gn = "center"><irrig src = "logc 

height="200"> 
<hr color="red"> 


'></title></head> 
).gif" width="100 




If you include this file in the top of every program on your Web site, you 
save a lot of typing, and you know that all your pages match. In addition, 



if you want to change anything about the look of all your pages, you only 
have to change it one place — in the i ncl ude file. 

You can use a similar statement as follows: 

i ncl ude_once {" fi 1 ename" ) ; 

This statement prevents include files with similar variables from overwriting 
each other Use i ncl ude_once when you include your functions. 

You can use a variable name for the filename as follows: 

incl ude( "$fi lename" ) ; 

For example, you might want to display different messages on different days. 
You might store these messages in files that are named for the day on which 
the message should display. For instance, you could have a file named 
Sun . i nc with the following contents: 

<p>Go ahead. Sleep in. No work today. </p> 

And similar files for all days of the week. The following statements can be 
used to display the correct message for the current day: 

$today = date( "D" ) ; 

i ncl ude( " $today " . " . i nc" ) ; 
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After the first statement, $ today contains tfie day of tfie week, in abbrevia- 
tion form. The date statement is discussed in Chapter 6. The second state- 
ludes the correct file, using the day stored in $today.If $today 
Sun, the statement includes a file called Sun . i nc. 

Protecting your i ncl ude files is important. The best way to protect them is 
to store the i ncl ude files in a directory outside your Web space so they can't 
be accessed by visitors to your Web site. 

You can set up an i ncl ude directory where PHP looks for any files specified 
in an i ncl ude statement. If you are the PHP administrator, you can set up 
an i ncl ude directory in the php . i ni file (the PHP configuration file in your 
system directory, as I describe in Appendix B). Find the setting for i ncl ude_ 
path and change it to the path to your preferred directory. If there is a semi- 
colon at the beginning of the line, before i ncl ude_path, remove it. The fol- 
lowing are examples of i ncl ude_path settings in the php . i ni file: 



i ncl ude_ 


_path=" . 


; d : \i ncl ude" ; 




for 


Wi ndows 


i ncl ude_ 


_path=" . 


:/user/local/include"; 




for 


Unix/Linux/Mac 



Both of these statements specify two directories where PHP looks for i ncl ude 
files. The first directory is dot (meaning the current directory), followed by 
the second directory path. You can specify as many include directories as you 
want, and PHP will search them for the i ncl ude file in the order in which they 
are listed. The directory paths are separated by a semicolon for Windows and 
a colon for Unix/Linux. 

If you don't have access to p h p . i ni , you can set the path in each individual 
script by using the following statement: 

i ni_set ( " i ncl ude_path" , "d : \hi dden " ) ; 

This statement sets the i ncl ude_path to the specified directory only while 
the program is running. It doesn't set the directory for your entire Web site. 

To access a file from an i ncl ude directory, just use the filename, as follows. 
You don't need to use the full path name. 

include("secretpasswords.inc"); 

If your i ncl ude file is not in an i ncl ude directory, you may need to use the 
entire path name in the include statement. If the file is in the same directory 
as the program, the filename alone is sufficient. However, if the file is located 
in another directory, such as a subdirectory of the directory that the pro- 
gram is in or a hidden directory outside the Web space, you need to use the 
full path name to the file, as follows: 

include("d:/hidden/secretpasswords.inc"); 
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Usin^ functions 

M|ke frequent use of functions to organize your programs. (In Chapter 7, 1 
reating and using functions in detail.) Functions are useful when 
ram needs to perform the same task at repeated locations in a pro- 
gram or in different programs in the application. After you write a function 
that does the task and you know it works, you can use it anywhere that you 
need it. 




Look for opportunities to use functions. Your program is much easier to read 
and understand with a line like this: 



getMemberData ( ) ; 



than with 20 lines of statements that actually get the data. 

In fact, after you've been writing PHP programs for a while, you will have a 
stash of functions that you've written for various programs. Very often the 
program that you're writing can use a function that you wrote for an applica- 
tion two jobs ago. For instance, 1 often have a need for a list of the states. 
Rather than include a list of all 50 states every time that I need it, 1 have a 
function called getStateNamesC) that returns an array that holds the 50 
state names in alphabetical order and a function called getStateCodes() 
that returns an array with all 50 two-letter state codes in the same order. 
These functions are frequently useful. 

Name your functions very descriptively. The function calls in your program 
should tell you exactly what the function does. Long is okay. You don't want 
to see a line in your program that reads 



functionK ) ; 



This line isn't very informative. Even a line like the following is less informa- 
tive than it could be: 



getData ( ) ; 



You want to see a line like this: 



getAl 1 MemberNames ( ) ; 



Keeping It Private 

You need to protect your Web database application. People out there may 
have nefarious designs on your Web site for purposes such as 

11^ Stealing stuff: They hope to find a file sitting around full of valid credit 
card numbers or the secret formula for eternal youth. 
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I \^ Trashing your Web site: Some people think this is funny. Some people 
' do it to prove that they can. 

I 1-^ C\ C\ w^^^ming your users: A malicious person can add things to your Web 
' \^?that harm or steal from the people who visit your site. 



This is not a security book. Security is a large, complex issue, and 1 am not a 
security expert. Nevertheless, 1 want to call a few issues to your attention and 
make some suggestions that might help. The following measures will increase 
the security of your Web site, but if your site handles really important, secret 
information, read some security books and talk to some experts: 

Ensure the security of the computer that hosts your Web site. This is 
probably not your responsibility, but you may want to talk to the people 
responsible and discuss your security concerns. You'll feel better if you 
know that someone is worrying about security. 

Don't let the Web server display filenames. Users don't need to know 
the names of the files on your Web site. 

Hide things. Store your information so that it can't be easily accessed 
from the Web. 

*^ Don't trust information from users. Always clean any information that 
you didn't generate yourself. 

*^ Use a secure Web server. This requires extra work, but it's important if 
you have top-secret information. 



I 

Ensure the securing of the computer 

First, the computer itself must be secure. The system administrator of the 
computer is responsible for keeping unauthorized visitors and vandals out of 
the system. Security measures include such things as firewalls, encryption, 
password shadowing, scan detectors, and so on. In most cases, the system 
administrator is not you. If it is, you need to do some serious investigation 
into security issues. If you are using a Web-hosting company, you may want 
to discuss security with those folks to reassure yourself that they are using 
sufficient security measures. 



bon't let the Web server dlsplai^ fitenames 

You may have noticed that sometimes you get a list of filenames when you 
point at a URL. If you point at a directory (rather than a specific file) and the 
directory doesn't contain a file with the default filename (such as index. 
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html ), the Web server may display a list of files for you to select from. You 
probably don't want your Web server to do this; your site won't be very 
a visitor can look at any file on your site. On other Web sites, you 
seen an error message that reads 



Forbidden 

You don't have permission to access /secretdi rectory on this server. 

On those sites, the Web server is set so that it doesn't display a list of file- 
names when the URL points to a directory. Instead, it delivers this error mes- 
sage. This is more secure than listing the filenames. If the filename is being 
sent from your Web site, a setting for the Web server needs to be changed. If 
you aren't the administrator for your Web server, request a change. If you are 
the administrator, it's up to you to change this behavior. For instance, in 
Apache, this behavior is controlled by an option called Indexes, which can be 
turned on or off in the httpd . conf file as follows: 



Opti ons 


Indexes 


II 


turns 


i t on 


Opti ons 


-Indexes 


II 


turns 


it off 



See the documentation for your Web server to allow or not allow directory 
listings in the user's Web browser. 



Hide things , 

Keep information as private as possible. Of course, the Web pages that you 
want visitors to see must be stored in your public Web space directory. But 
not everything needs to be stored there. For instance, you can store include 
files in another location altogether — in space on the computer that can't 
be accessed from the Web. Your database certainly isn't stored in your Web 
space, but it might be even more secure if it were stored on a totally different 
computer. 

Another way to hide things is to give them misleading names. For instance, 
the include file containing the database variables shouldn't be called 
passwords . i nc. A better name might be Unci eHenrysChi ckenSoupReci pe . 
i nc. 1 know this suggestion violates other sections of the book where 1 pro- 
mote informative filenames, but this is a special case. Malicious people some- 
times do obvious things like typing www .your si te. com /passwords, html 
into their browser to see what happens. 



Don't trust infamation from users 

Malicious users can use the forms in your Web pages to send dangerous text to 
your Web site. Therefore, never store information from forms directly into a 
database without checking it first. Check the information that you receive for 
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reasonable formats and dangerous characters. In particular, you don't want to 
accept HTML tags, such as <scri pt> tags, from forms. By using script tags, a 
d enter an actual script — perhaps a malicious one. If you just accept 
ield without checking it and store it in your database, you could have 
any number of problems, particularly if the stored script was sent in a Web 
page to a visitor to your Web site. For more on checking data from forms, see 
Chapter 8. 



Use a secure Web server 

Communication between your Web site and its visitors is not totally secure. 
When the files on your Web site are sent to the user's browser, someone on 
the Internet between you and the user can read the contents of these files as 
they pass by. For most Web sites, this isn't an issue; however, if your site col- 
lects or sends credit card numbers or other secret information, use a secure 
Web server to protect this data. 

Secure Web servers use Security Sockets Layer (SSL) to protect communica- 
tion sent to and received from browsers. This is similar to the scrambled tele- 
phone calls that you hear about in spy movies. The information is encrypted 
(translated into coded strings) before it is sent across the Web. The receiving 
software decrypts it into its original content. In addition, your Web site uses a 
certificate that verifies your identity. Using a secure Web server is extra work, 
but it's necessary for some applications. 

You can tell when you are communicating using SSL. The URL begins with 
HTTPS, rather than HTTP. 

Information about secure Web servers is specific to the Web server that 
you're using. To find out more about using SSL, look at the Web site for the 
Web server that you are using. For instance, if you are using Apache, check 
out two open-source projects that implement SSL for Apache at www . mods si . 
org and www.apachessl .org. Commercial software is also available that 
provides a secure server based on the Apache Web server If you're using 
Microsoft Internet Information Server (IIS), search for SSL on the Microsoft 
Web site at www . mi crosof t . com. 



Completinq l/aur documentation 

I'm making one last pitch here. Documenting your Web database application 
is essential. You start with a plan describing what the application is supposed 
to do. Based on your plan, you create a database design. Keep the plan and 
the design up to date. Often as a project moves along, changes are made. 
Make sure that your documentation changes to match the new decisions. 
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While you design your programs, associate the tasks in the application plan 
with the programs that you plan to write. List the programs and what each 
o. If the programs are complicated, you may want to include a brief 
n of how the program will perform its tasks. If this is a team effort, 
list who is responsible for each program. When you complete your applica- 
tion, you should have the following documents: 



Application plan: Describes what the application is supposed to do, list- 
ing the tasks that it will perform 

Database design: Describes the tables and fields that are in the database 

\^ Program design: Describes how the programs will do the tasks in the 
application plan 

Program comments: Describe the details of how the individual program 
works 

Pretend that it's five years in the future and you're about to do a major 
rewrite of your application. What will you need to know about the application 
in order to change it? Be sure that you include all the information that you 
need to know in your documentation. 
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In This Chapter 

^ Designing an online catalog 
^ Building the database for the Pet Catalog 
^ Designing the Web pages for the Pet Catalog 
^ Writing the programs for the Pet Catalog 



nline catalogs are everywhere on the Web. Every business that has 
products for sale can use an online catalog. Some businesses use online 
catalogs to sell their products online, and some use them to show the quality 
and worth of their products to the world. Many customers have come to 
expect businesses to be online and provide information about their products. 
Customers often begin their search for a product online, researching its avail- 
ability and cost through the Web. 

In this chapter, you find out how to build an online catalog. 1 chose a pet 
store catalog for no particular reason except that it sounded like more fun 
than a catalog of socks or light bulbs. And looking at the pictures for a pet 
catalog was much more fun than looking at pictures of socks. 1 introduce the 
Pet Catalog example in Chapter 3 and use it for many of the examples 
throughout this book. 

In general, all catalogs do the same thing: provide product information to 
potential customers. The general purpose of the catalog is to make it as easy 
as possible for customers to see information about the products. In addition, 
you want to make the products look as attractive as possible so that cus- 
tomers will want to purchase them. 
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Designing the Application 

The first step in design is to decide what the application should do. The obvi- 
ous purpose of the Pet Catalog is to show potential customers information 
about the pets. A pet store might also want to show information about pet 
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products, such as pet food, cages, fish tanks, and catnip toys . . . but you 
decide not to include such items in your catalog. The purpose of your online 
pplication is just to show pets. 



For the customer, displaying the information is the sole function of the cata- 
log. However, from your perspective, the catalog also needs to be maintained; 
that is, you need to add items to the catalog. So, you must include the task of 
adding items to the catalog as part of the catalog application. Thus, the appli- 
cation has two distinct functions: 



Show pets to the customers 
Add pets to the catalog 



ShovOmq pets to the customers 

The basic purpose of your online catalog is to let customers look at pets. 
Customers can't purchase pets online, of course. Sending pets through the 
mail isn't feasible. But a catalog can showcase pets in a way that motivates 
customers to rush to the store to buy them. 

If your catalog only has three pets in it, your catalog can be pretty simple — 
one page showing the three pets. However, most catalogs have many more 
items than that. Usually, a catalog opens with a list of the types of products — 
in this case, pets — that are available, such as cat, dog, horse, and dragon. 
Customers select the type of pet they want to see, and the catalog then dis- 
plays the individual pets of that type. For example, if the customer selects dog, 
the catalog would then show collies, spaniels, and wolves. Some types of prod- 
ucts might have more levels of categories before you see individual products. 
For instance, furniture might have three levels rather than two. The top level 
might be the room, such as kitchen, bedroom, and so on. The second level 
might be type, such as chairs, tables, and so on. The third level would be the 
individual products. 

The purpose of a catalog is to motivate those who look at it to make a purchase 
immediately. For the Pet Catalog, pictures are a major factor in motivating cus- 
tomers to make a purchase. Pictures of pets make people go ooooh and aaaah 
and say, "Isn't he cuuuute!" This generates sales. The main purpose of your Pet 
Catalog is to show pictures of pets. In addition, the catalog also should show 
descriptions and prices. 

To show the pets to customers, the Pet Catalog will do the following: 

1. Show a list of the types of pets and allow the customer to select a type. 

2. Show information about the pets that match the selected type. The 
information includes the description, the price, and a picture of the pet. 
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Adding pets to the catalog 



dd items to your catalog several ways. However, the task of adding 
o the catalog is much easier if you use an application designed for 
adding your specific products. In many cases, you aren't the person who will 
be adding products to your catalog. One reason for adding maintenance func- 
tionality to your catalog application is so that someone else can do those 
boring maintenance tasks. The easier it is to maintain your catalog, the less 
likely that errors will sneak into it. 



An application to add a pet to your catalog should do the following: 

1. Prompt the user to enter a pet type for the pet. A selection list of possi- 
ble pet types would eliminate many errors, such as alternate spellings 
(dog and dogs) and misspellings. The application also needs to allow the 
user to add new categories when needed. 

2. Prompt the user to enter a name for the pet, such as collie or shark. 
A selection list of names would help prevent mistakes. The application 
also needs to allow the user to add new names when needed. 

3. Prompt the user to enter the pet information for the new pet. The 

application should clearly specify what information is needed. 

4. Store the information in the catalog. 

The catalog entry application can check the data for mistakes and enter the 
data into the correct locations. The person entering the new pet doesn't need 
to know the inner workings of the catalog. 



BuHdinq the Database 

The catalog itself is a database. It doesn't have to be a database; it's possible 
to store a catalog as a series of HTML (HyperText Markup Language) files that 
contain the product information in HTML tags and display the appropriate file 
when the customer clicks a link. However, it makes my eyes cross to think of 
maintaining such a catalog. Imagine the tedium of adding and removing cata- 
log items manually ... or finding the right location for each item by searching 
through many files. Ugh. For these reasons, putting your Pet Catalog in a data- 
base is better. 

The PetCatal og database contains all the information about pets. It uses 
three tables: 

11^ Pet table 
PetType table 
1^ Color table 
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The first step in building the Pet Catalog is to build the database. It's pretty 
much impossible to write programs without a working database to test the 
on. First you design your database; then you build it; then you add 
or at least some sample data to use while developing the programs). 



Some changes have been made to the database design in Chapter 3 for the 
Pet Catalog. Development and testing often result in changes. Perhaps you 
find that you didn't take some factors into consideration in your design or 
that certain elements of your design don't work with real-world data or are 
difficult to program. It's perfectly normal for the design to evolve while you 
work on your application. Just be sure to change your documentation when 
your design changes. 



Buitdinq the Pet table 



In your design for the Pet Catalog, the main table is the Pet table. It contains 
the information about the individual pets that you sell. The following SQL 
query creates the Pet table: 



CREATE TABLE Pet 
petID 
petName 
petType 

petDescri pti on 
pri ce 
pi X 

PRIMARY KEY(pe 


( 

INT(5) 
CHAR(25 
CHAR(15 
VARCHAR 
DECIMAL 
CHAR(15 
tID) ); 


NOT 

) NOT 
) NOT 
(255) , 
(9,2), 
) NOT 


NULL AUTO INCREh' 
NULL, 

NULL DEFAULT "Mi 
NULL DEFAULT "na 


ENT, 
sc" , 

.gif" , 











Each row of the Pet table represents a pet. The columns are as follows: 



pet I D: A sequence number for the pet. In another catalog, this might be 
a product number, a serial number, or a number used to order the prod- 
uct. The CREATE query defines the petl D column in the following ways: 

• I NT ( 5 ) : The data in the field is expected to be a numeric integer. 
The database won't accept a character string in this field. 

•PRIMARY KEY(petlD): This is the primary key which is the field 
that must be unique. MySQL will not allow two rows to be entered 
with the same p e 1 1 D . 

• NOT NULL: This definition means that this field can't be empty. It 
must have a value. The primary key must always be set to NOT 
NULL. 

• AUTO- INCREMENT: This definition means that the field will automat- 
ically be filled with a sequential number if you don't provide a spe- 
cific number. For example, if a row is added with 98 for a petl D, 
the next row will be added with 99 for the pet I D unless you spec- 
ify a different number. This is a useful way of specifying a column 
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with a unique number, such as a product number or an order 
number. You can always override the automatic sequence number 
with a number of your own, but if you don't provide a number, a 
sequential number is stored. 



petName: The name of the pet, such as lion, collie, or unicorn. The 
CREATE query defines the petName column in the following ways: 

• CHAR( 25 ): The data in this field is expected to be a character 
string that's 25 characters long. The field will always take up 25 
characters of storage, with padding if the actual string stored is 
less than 25 characters. 

•NOT NULL: This definition means that this field can't be empty. It 
must have a value. After all, it wouldn't make much sense to have a 
pet in the catalog without a name. 

• No default value: If you try to add a new row to the Pet table with- 
out a petName, it won't be added. It doesn't make sense to have a 
default name for a pet. 

petType: The type of pet, such as dog or fish. The CREATE query defines 
the petType column in the following ways: 

• CHAR(15 ): The data in this field is expected to be a character 
string that's 15 characters long. The field will always take up 15 
characters of storage, with padding if the actual string stored is 
less than 15 characters. 

• NOT NULL: This definition means that this field can't be empty. It 
must have a value. The online catalog application will show cate- 
gories first and then pets within a category, so a pet with no cate- 
gory will never be shown on the Web page. 

• DEFAULT "Mi sc": The value "Mi sc" is stored if you don't provide 
a value for petType. This ensures that a value is always stored for 

petType. 

petDescri pti on: A description of the pet. The CREATE query defines 
the petDescri pti on in the following way: 

• VARCHAR( 255 ): This data type defines the field as a variable char- 
acter string that can be up to 255 characters long. The field is 
stored in its actual length. 

V pri ce: The price of the pet. The CREATE query defines price in the fol- 
lowing way: 

• DECIMALC 9 , 2 ): This data type defines the field as a decimal 
number that can be up to nine digits and has two decimal places. If 
you store an integer in this field, it will be returned with two deci- 
mal places, such as 9.00 or 2568.00. 
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p i x: The filename of the picture of the pet. Pictures on a Web site are 
stored in graphic files with names like dog.jpg, dragon. g if, or 

png. This field stores the filename for the picture that you want to 
for this pet. The CREATE query defines pi x in the following ways: 

CHAR( 15 ): The data in this field is expected to be a character 
string that's 15 characters long. For some applications, the picture 
files might be in other directories or on other Web sites requiring a 
longer field, but for this application, the pictures are all in a direc- 
tory on the Web site and have short names. The field will always 
take up 15 characters of storage, with padding if the actual string 
stored is less than 15 characters. 

NOT NULL: This definition means that this field can't be empty. It 
must have a value. You need a picture for the pet. When a Web site 
tries to show a picture that can't be found, it displays an ugly error 
message in the browser window where the graphic would go. You 
don't want your catalog to do that, so your database should 
require a value. In this case, you define a default value so that a 
value will always be placed in this field. 

D E FAU LT " n a . g i f " : The value " n a . g i f " is stored if you don't pro- 
vide a value for p i x. In this way, a value is always stored for p i x. 
The na . gi f file might be a graphic that reads something like: 

"picture not available". 



Notice the following points about this database table design: 

Some fields are CHAR, and some are VARCHAR. CHAR fields are faster, 
whereas VARCHAR fields are more efficient. Your decision will depend on 
whether disk space or speed is more important for your application in 
your environment. 

In general, shorter fields should be CHAR because shorter fields don't 
waste much space. For instance, if your CHAR is 5 characters, the most 
space that you could possibly waste is 4. However, if your CHAR is 200, 
you could waste 199. Therefore, for short fields, use CHAR for speed with 
very little wasted space. 

The petl D field means different things for different pets. The pet I D 

field assigns a unique number to each pet. However, a unique number is 
not necessarily meaningful in all cases. For example, a unique number 
is meaningful for an individual kitten but not for an individual goldfish. 

There are really two kinds of pets. One is the unique pet, such as a 
puppy or a kitten. After all, the customer buys a specific dog — not just 
a generic dog. The customer needs to see the picture of the actual 
animal. On the other hand, some pets are not especially unique, such as 
a goldfish or a parakeet. When customers purchase a goldfish, they see a 
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tank full of goldfish and point at one. The only real distinguishing char- 
acteristic of a goldfish is its color The customer doesn't need to see a 
,ure of the actual fish in your catalog, just a picture of a generic gold- 
perhaps showing the possible colors. 



In your catalog, you have both kinds of pets. The catalog might contain 
several pets with the name cat but with different pet I Ds. The picture 
would show the individual pet. The catalog also contains pets that aren't 
individuals but that represent generic pets, such as goldfish. In this 
case, there's only one entry with the name goldfish, with a single pet I D. 

I've used both kinds of pets in this catalog to demonstrate the different 
kinds of products that you might want to include in a catalog. The unique 
item catalog might include such products as artwork or vanity license 
plates. When the unique item is sold, it's removed from the catalog. Most 
products are more generic, such as clothing or automobiles. Although a 
picture shows a particular shirt, many identical shirts are available. You 
can sell the shirt many times without having to remove it from the catalog. 



Bm'Uin^ the PetTi^pe table 

You assign each pet a type, such as dog or dragon. The first Web page of the 
catalog lists the types for the customer to select from. A description of each 
type is also helpful to show. You don't want to put the type description in the 
main Pet table because the description would be the same for all pets with the 
same category. Repeating information in a table violates good database design. 

The PetCatalog database includes a table called PetType that holds the 
type descriptions. The following SQL query creates the PetType table: 

CREATE TABLE PetType ( 

petType CHAR(15) NOT NULL, 

typeDescription VARCHAR( 255 ) , 
PRIMARY KEY(petType) ); 

Each row of this table represents a pet type. These are the columns: 

1^ petType: The type name. Notice that the petType column is defined the 
same in the Pet table (which 1 describe in the preceding section) and in 
this table. This makes table joining possible and makes matching rows in 
the tables much easier However, the petType is the primary key in this 
table but not in the Pet table. The CREATE query defines the petType 
column in the following ways: 

• CHAR( 15 ): The data in this field is expected to be a character 
string that's 15 characters long. 

• PRIMARY KEY ( petType ): This definition sets the petType column 
as the primary key. This is the field that must be unique. MySQL 
will not allow two rows to be entered with the same petType. 
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I •NOTNULL: This definition means that this field can't be empty. It 



must have a value. The primary key must always be set to NOT 

NULL. 



'eDescri pti on: A description of the pet type. The CREATE query 
defines the typeDescri pti on in the following way: 

VARCHAR( 255 ): The string in this field is expected to be a variable 
character string that can be up to 255 characters long. The field is 
stored in its actual length. 



Buitdinq the Color table 

When I discuss building the Pet table (see "Building the Pet table," earlier in 
this chapter), 1 discuss the different kinds of pets: pets that are unique (such 
as puppies and horses) and pets that are not unique (such as goldfish and tur- 
tles). For unique pets, the customer needs to see a picture of the actual pet. 
For pets that aren't unique, the customer only needs to see a generic picture. 

In some cases, generic pets come in a variety of colors, such as blue parakeets 
and green parakeets. You might want to show two pictures for parakeets: a pic- 
ture of a blue parakeet and a picture of a green parakeet. However, because 
most pets aren't this kind of generic pet, you don't want to add a color column 
to your main Pet table because it would be blank for most of the rows. Instead, 
you create a separate table containing only pets that come in more than one 
color. Then when the catalog application is showing pets, it can check the 
Color table to see whether there's more than one color available — and if 
there is, it can show the pictures from the Color table. 

The Col or table points to pictures of pets when the pets come in different 
colors so that the catalog can show pictures of all the available colors. The 
following SQL query creates the Color table: 

CREATE TABLE Color ( 

petName CHAR(25) NOT NULL, 

petColor CHAR(15) NOT NULL, 

pix CHAR(15) NOT NULL DEFAULT "na.gif", 

PRIMARY KEYCpetName, petColor) ); 

Each row represents a pet type. The columns are as follows: 

petName: The name of the pet, such as lion, collie, or Chinese bearded 
dragon. Notice that the petName column is defined the same in the Pet 
table and in this table. This makes table joining possible and makes 
matching rows in the tables much easier. However, the petName is the 
primary key in this table but not in the Pet table. The CREATE query 
defines the petName in the following ways: 
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• CHAR( 25 ): The data in this field is expected to be a character 
string that is 25 characters long. 

PRIMARY KEY ( petName , petCol or ): The primary key must be 
unique. For this table, two columns together are the primary key — 
this column and the petCol or column. MySQL won't allow two rows 
to be entered with the same petName and petCol or. 

•NOT NULL: This definition means that this field can't be empty. It 
must have a value. The primary key must always be defined as NOT 
NULL. 

1/^ petColor: The color of the pet, such as orange or purple. The CREATE 
query defines the petCol or in the following ways: 

• CHAR(15 ): This data type defines the field as a character string 
that's 15 characters long. 

• PRIMARY KEY ( petName , petCol or ): The primary key must be 
unique. For this table, two columns together are the primary key — 
this column and the petName column. MySQL won't allow two rows 
to be entered with the same petName and petCol or. 

• NOT NULL: This definition means that this field can't be empty. It 
must have a value. The primary key must always be defined as NOT 
NULL. 

pi x: The filename containing the picture of the pet. The CREATE query 
defines pix in the following ways: 

• CHAR(15 ): This data type defines the field as a character string 
that is 15 characters long. 

•NOT NULL: This definition means that this field can't be empty. It 
must have a value. You need a picture for the pet. When a Web site 
tries to show a picture that can't be found, it displays an ugly error 
message in the browser window where the graphic would go. You 
don't want your catalog to do that, so your database should 
require a value. In this case, the CREATE query defines a default 
value so that a value will always be placed in this field. 

• DEFAU LT " na . gi f ": The value " na . gi f " is stored if you don't pro- 
vide a value for pi x. In this way, a value is always stored for pi x. 
The file na . gi f might contain a graphic that reads something like 

picture not available. 
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Adding data to the database 

You can add the data to the database many ways. You can use SQL queries 
to add pets to the database, or you can use the application that I describe in 
this chapter My personal favorite during development is to add a few sample 
items to the catalog by reading the data from a file. Then, whenever my data 
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becomes totally bizarre during development (as a result of programming 
errors or my weird sense of humor), 1 can re-create the data table in a 

Just DROP the table, re-create it with the SQL query, and reread the 
ata. 



For example, the data file for the Pet table might look like this: 

<TAB>Peki nese<TAB>Dog<TAB>Srrial 1 , cute, energetic. Good alarm 

systeni.<TAB>100.00<TAB>peke. jpg 
<TAB>House cat<TAB>Cat<TAB>Yel 1 ow and white cat. Extremely 

playful . <TAB>20.00<TAB>catyellow.jpg 
<TAB>House cat<TAB>Cat<TAB>Bl ack cat. Sleek, shiny. Likes 

children . <TAB>20 . 00<TAB>catbl ack . jpg 
<TAB>Chinese Bearded Dragon<TAB>Li zard<TAB>Grows up to 2 feet 

long. Fascinating to watch. Likes to be 

held.<TAB>100.00<TAB>l izard.jpg 
<TAB>Labrador Petri ever<TAB>Dog<TAB>Bl ack dog. Large, 

intelligent retriever. Often selected as guide 

dogs for the bl i nd . <TAB>100 . 00<TAB>1 ab . jpg 
<TAB>Gol df i sh<TAB>Fi sh<TAB>Va ri ety of colors. Inexpensive. 

Easy care. Good first pet for small 

Chi ldren.<TAB>2.00<TAB>gol dfish.jpg 
<TAB>Shark<TAB>Fish<TAB>Sleek. Powerful. Handle with 

care.<TAB>200.00<TAB>shark. jpg 
<TAB>Asian Dragon<TAB>Dragon<TAB>Long and serpentine. Often 

gold or red . <TAB>10000 . 00<TAB>dragona . jpg 
<TAB>Uni corn<TAB>Horse<TAB>Beauti f ul white steed with spiral 

horn on forehead . <TAB>20000 . 00<TAB>uni corn . jpg 

These are the data file rules: ' 



i/* The <TAB> tags represent real tabs — the kind that you create by press- 
ing the Tab key. 

Each line represents one pet and must be entered without pressing the 
Enter or Return key. The lines in the preceding example are shown 
wrapped to more than one line so that you can see the whole line. 
However, in the actual file, the data lines are one on each line. 

A tab appears at the beginning of each line because the first field is not 
being entered. The first field is the pet I D, which is entered automati- 
cally; you don't need to enter it. However, you do need to use a tab so 
that MySQL knows there's a blank field at the beginning. 

You can then use an SQL query to read the data file into the Pet table: 

LOAD DATA LOCAL INFILE "pets" INTO TABLE Pet; 

Any time that the data table gets odd, you can re-create it and read the data 
in again. 
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The LOAD DATA LOCAL query might not be available in your version of 
MySQL. This query must be enabled before you can use it. If it's not enabled, 
an error that reads The used command is not allowed with 
versi on . 1 discuss LOAD DATA LOCAL in detail in Chapter 4. 



besi^nin^ the Look and Feel 

After you know what the application is going to do and what information the 
database contains, you can design the look and feel of the application. The look 
and feel includes what the user sees and how the user interacts with the appli- 
cation. Your design should be attractive and easy to use. You can plan out this 
design on paper, indicating what the user sees, perhaps with sketches or with 
written descriptions. In your design, include the user interaction components, 
such as buttons or links, and describe their actions. You should include each 
page of the application in the design. If you're lucky, you have a graphic 
designer who can develop beautiful Web pages for you. If you're me, you just 
do your best with a limited amount of graphic know-how. 

The Pet Catalog has two look and feel designs: one for the catalog that the 
customer sees; and another, less fancy one for the part of the application that 
you or whoever is adding pets to the catalog uses. 



ShovOing^ pets to the customers 

The application includes three pages that customers see: 

1^ The storefront page: This is the first page that customers see. It states 
the name of the business and the purpose of the Web site. 

The pet type page: This page lists all the types of pets and allows cus- 
tomers to select which type of pet they want to see. 

The pets page: This page shows all the pets of the selected type. 
Storefront page 

The storefront page is the introductory page for the Pet Store. Because most 
people already know what a pet store is, this page doesn't need to provide 
much explanation. Figure 1 1-1 shows the storefront page. The only customer 
action available on this page is a link that the customer can click to see the 
Pet Catalog. 

Pet type page 

The pet type page lists all the types of pets in the catalog. Each pet type is 
listed with its description. Figure 11-2 shows the pet type page. Radio buttons 
appear next to each pet type so that customers can select the type of pet that 
they want to see. 
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3 Pet Stare Front Page - Microsoft Internet Explorer 
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Figure 11-1: 

The opening 
page of the 
Pet Store 
Web site. 



'tip: //janetvaUan.rr.com/PHP&MySQLforDummies/PetShopFfont.php 
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Looking for a new friend? 

Check out our F'^t Catalog 
We may have just what you're looking for. 



Figure 11-2: 

The pet type 
page of the 
Pet Store 
Web site. 



-a Pet Types - Microsoft Internet Explorer 
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Pet Catalog 
The following animal friends are waiting for you. 

Findjust what you want and hurry into the store to pickup your new friend. 
Which pet are you interested in? 



fCat 


Beautiful and dignified. Independent. Range in size from large lions to small house cats. Carnivorous. 


r Dog 


Strong courageous. Extremely Intelligent. Can be trained for very useful work, such as watchdog or seeing-eye dog. 
Or bringing in the newspaper. Includes wild species, such as coyotes and wolves. 


*^ Dragon 


Magiuficent, large reptiles. Dragons fly tirelessly and many are large enou^ to hde. Very good watch animals. 


(^Fish 


Many colorful varieties. Relaxing and mesmerizing to watch. Size varies from great white sharks to guppies. 


Horse 


Beautiful four legged animals that you can ride. Includes magical varieties such as Unicom and Pegasus. 


Lizard 


Small reptiles. Fascinating to watch. Require warm environment. Eat vegetables and bugs. 



Select Pet Type | 
Done 



lO Internet 
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Pets pa^e 

The pets page lists all the pets of the selected type. Each pet is listed with its 
I 1 }r\ r^k C\ ^lIpl^DQescription, price, and picture. The pets page appears in a different 

' >^ '-^ >^ V^nm^^epending on the information in the catalog database. Figures 1 1-3, 
11-4, and 11-5 show some possible pets pages. Figure 11-3 shows a page list- 
ing three different dogs from the catalog. 



a Pet Catalog - Microsoft Internet Explorer 
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Stop 


Refresh Home 


Search 
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1^' ii* Real.com 
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Click on any picture to see & larger version. 



1001 Pekinese Small, cute, energetic. Good alam» system. 



Labrador 
Retriever 



Black dog, Laige, intelligent retnever. Often selected as guide dogs foi the 
blind 




Figure 11-3: 

This pets 
page shows 
three 
different 
dogs. 



1002 Golden Retriever Large, intelligent retnever. Likes people Often win obedience trials. 



See more pets 
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Figure 1 1-4 shows that more than one pet can have the same pet name. 
Notice that the house cats have different petl D numbers. 



Figure 1 1-5 shows the output when pets are found in the Color table, show- 
ing more than one color is available. 
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Figure 11-4: 

This pets 
page shows 
three cats 
with the 
same pet 
name. 
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1002 House cat Yellow and white cat. Extremely playM. 






$20.00 














1003 House cat Black cat. Sleek, shiny. Likes children. 




m 


$20 00 




1006 House cat Long-haired white cat. Fluffy, soft, cuddly. Keeps the mice 


away. 




$20 00 




See more pets 
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Figure 11-5: 

This pets 
page shows 
goldfish 
that are 
available in 
two colors. 
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1007 Goldfish Vanety of colors. Inexpensive Easycare Good first pet for small children. 



gold/white 




1009 Shark Sleek. Powerful. Handle with care. 




See more pets 
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On all these pages, a line at the top reads Cl i ck on any picture to see 
a larger version. If the customer clicks the picture, a larger version of 



The application includes three pages that customers don't see; these are the 
pages used to add pets to the Pet Catalog. The three pages work in sequential 
order to add a single pet: 

1. Get pet type page. The person adding a pet to the catalog selects the 
radio button for the pet type. The user can also enter a new pet type. 

2. Get pet information page. The user selects the radio button for the pet 
being added and fills in the pet description, price, and picture filename. 
The user can also enter a new pet name. 

3. Feedback page. A page is displayed showing the pet information that 
was added to the catalog. 

Get pet tifpe pa^e 

The first page gets the pet type for the pet that needs to be added to the cata- 
log. Figure 11-6 shows the get pet type page. Notice that all the pet types cur- 
rently in the catalog are listed, and a section is provided where the user can 
enter a new pet type if it's needed. 

I 

Get pet information pa^e 

Figure 11-7 shows the second page. This page lets the user type the informa- 
tion about the pet that goes in the catalog. This page lists all the pet names in 
the catalog for the selected pet type so that the user can select one. It also 
provides a section where the user can type a new pet name if needed. 

feedback pa^e 

When the user submits the pet information, the information is added to the 
PetCatal og database. Figure 11-8 shows a page that verifies the information 
that was added to the database. The user can click a link to return to the first 
page and add another pet. 

Get missing information pa^e 

The application checks the data to see that the user entered the required 
information and prompts the user for any information that isn't entered. For 
instance, if the user selects New Category on the first page, the user must 
type a category name and description. If the user doesn't type the name or 
the description, a page is displayed that points out the problem and requests 
the information. Figure 1 1-9 shows the page that users see if they forget to 
type the category name and description. 
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Figure 11-6: 

The first 
page for 
adding a 
pet to the 
catalog. 
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Select tlie categoiy for the pet you are adding. 

If you are adding a pet in a category that is not listed, choose New Category and type the name and description of the category. Press 
Submit Category when you have finished selecting an easting category or typing a new category 

<• Cai '"Dog ^Dragon ^ Fish Horse Lizard 



f*| Category name: [~ 

New Categoiy Category description: |^ 



Submit Category 



^ Done 
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Figure 11-7: 

The second 
page asl<s 
for the pet 
name. 
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Submit Pet Name 



^ Done 
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a Add Pet - Microsoft Internet Explori 
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Figure 11-8: 

The last 
page 
provides 
feedback. 
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The foUouingpet has been adiiedto the PetCataliDg: 

■ Category: Dog 

■ Pet Name; Golden Retriever 

■ Pet Description: Large, intelligent letiievei- Likes people. Often vmis obedience tjials. 
• Price: 100.00 

■ Picture file: gold.jpg 

Add Another Pet 



^ Done 



Figure 11-9: 

This page 
requests 
a new 
category 
and 

description. 
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know what the pages are going to look like and what they are going 
to do, you can write the programs. In general, you write a program for each 
page, although sometimes it makes sense to separate programs into more 
than one file or to combine programs on a page. (For details on how to orga- 
nize applications, see Chapter 10.) 

As 1 discuss in Chapter 10, keep the information needed to connect to the 
database in a separate file and include that file in all the programs that need 
to access the database. The file should be stored in a secure location and 
with a misleading name for security reasons. For this application, the follow- 
ing information is stored in a file named mi s c . i n c: 



<?php 

$user="catal og" ; 

$host="l ocal host" ; I 
$password=" " ; ■ 
$database="PetCatal og" ; p 

?> 

The Pet Catalog application has two independent sets of programs: one set 
to show the Pet Catalog to customers and one set to enter new pets into the 
catalog. 

■ 

ShoWmg^ pets to the customers 

The application that shows the Pet Catalog to customers has three basic 
tasks: 

11^ Show the storefront page. Provide a link to the catalog. 
I/' Show a page where users select the pet type. 
Show a page with pets of the selected pet type. 



Shoufing the storefront 

The storefront page doesn't need any PHP statements. It simply displays a 
Web page with a link. HTML statements are sufficient to do this. Listing 11-1 
shows the HTML file that describes the storefront page. 



Listing 11-1: HTML File for the Storefront Page 



<?php 




/* Program: 


PetShopFront . php 


* Desc: 


Displays opening page for Pet Store. 


*/ 
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<title>Pet Store Front Page</ti tl e></head> 
opmargi n = "0" 1 eftmargi n = "0" rriarginheight=' 
0"> 

height="100%" border= 
"0" eel 1 paddi ng="0"> 



0" 



'0" 



30"> 
awni ng' 



'Pet Store"> 



ma rgi nwi dth = 
<table width="100% 
eel 1 spaci ng 

<tr> 

<td al i gn="center" valign="top" height 
<img src=" images/awni ng-top . gi f " alt 

</td> 
</tr> 
<tr> 

<td al i gn="center" val i gn="top"> 
<inig src=" images/Name . gi f" alt 
<p styl e="rriargi n-top : 40pt"> 
<img src=" images/1 izard-front.jpg 

height="186" width="280"> 
<p><h2>Lool<i ng for a new friend?</h2> 
<p>Check out our <a href =" PetCatal og . php 
Cata 1 og . </a> 
<br> We may have just what you're looking 
</td> 
</tr> 
</table> 
</body></html> 



alt="animal picture" 



>Pet 



for . 



Notice that the link is to a PHP program called PetCatalog.php. When the 
customer clicks the link, the Pet Catalog program (PetCatal og .php) begins. 



Showing the pet types 

The pet type page (refer to Figure 1 1-2) shows the customer a list of all the 
types of pets currently in the catalog. Listing 1 1-2 shows the program that 
produces the pet type Web page. 



Listing 11-2: Program That Displays Pet Types 

<?php 

/* Program: PetCatalog.php 

* Desc: Displays a list of pet categories from the 

PetType table. Includes descriptions. 

* User checks radio button. 
*/ 

?> 

<html> 

<head><title>Pet Types</ti tl e></head> 

<body> 

<?php 

i ncl ude( "mi sc . i nc" ) ; #11 



(continued) 
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Listing 11-2 (continued) 



I $con[ 

dBooHs 



$_connection = rriysql_connect ( $host , $user , $password ) 
or die ("couldn't connect to server"); 
rTiysql_sel ect_db( $database,$connection) 
or die ("Couldn't select database"); 



#13 
#15 

#19 
#21 



/* Select all categories from PetType table */ 
$query = "SELECT * FROM PetType ORDER BY petType"; 
Sresult = mysql_query( $query ) 

or die ("Couldn't execute query."); 

/* Display text before form */ 
echo "<div style='margin-left: .lin'> 
<hl al i gn= ' center ' >Pet Catalog</hl> 
<h2 al i gn= ' center ' >The following animal friends are 
waiting for you.</h2> 
<p al i gn= ' center ' >Fi nd just what you want and hurry in to 
the store to pick up your new friend. 
<p><h3>Which pet are you interested in?</h3>\n"; 

/* Create form containing selection list */ 
echo "<form acti on= ' ShowPets . php ' method= ' post ' >\n' 
echo "<table eel 1 paddi ng= ' 5 ' border= ' 1 ' >" ; 
$counter=l ; 

while ($row = mysql_f etch_a rray ( $resul t ) ) 
{ 

extract($row) ; 

echo "<tr><td valign='top' wi dth= ' 15% ' >\n" ; 
echo "<input type=' radio' name= ' i nterest ' 

val ue= ' $petType ' \n" ; 
if ( $counter == 1 ) 



#34 

#36 
#37 

#39 



#42 
#43 



echo "checked"; 

) 

echo "Xfont si ze='+r ><b>$petType</b></font>' 
echo "</td> 

<td>$typeDescri pti on</td>" ; 
echo "</tr>"; 
$counter++; 



#47 
#49 
#51 



echo "</table>"; 

echo "<p><input type= ' submi t ' val ue= ' Sel ect Pet Type') 

</form>\n"; #55 

?> 

</di v> 

</body></html> 



The program in Listing 1 1-2 has line numbers at the end of some of the lines. 
The line numbers are a reference so that 1 can refer to particular parts of the 
program. The numbers in the following list correspond to the line numbers in 
the listing. Here is a brief explanation of what the following lines do in the 
program: 
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11 The i ncl ude statement brings in a file that contains the information 
necessary to connect to the database. I call it mi s c . i n c because that 
s more secure than calling it passwords, inc. 




ects to the MySQL server 
1 5 Selects the PetCatalog database. 

19 A query that selects all the information from the PetType table and puts 
it in alphabetical order based on pet type. 

21 Executes the query on line 19. 

34 The opening tag for a form that will hold all the pet types. The action 
target is ShowPets . php, which is the program that shows the pets of the 
chosen type. 

36 Creates a counter with a starting value of 1 . The counter will keep track 
of how many pet types are found in the database. 

37 Starts awhile loop that will get the rows containing the pet type and 
pet description that were selected from the database on lines 19 and 20. 
The loop will execute once for each pet type that was retrieved. 

39 Separates the row into two variables: $petType and SpetDescription. 

41/42 Echoes a form field tag for a radio button. The value is the value in 

$petType. This statement executes once in each loop, creating a radio 
button for each pet type. This statement echoes only part of the form 
field tag. 

43 Starts an i f block that executes only in the first loop. It echoes the word 
"checked" as part of the form field. This ensures that one of the radio 
buttons is selected in the form so that the form can't be submitted with 
no button selected, which would result in unsightly error messages or 
warnings. The counter was set up solely for this purpose. 

Although adding "checked" to every radio button works in some 
browsers, it confuses other browsers. However, the extra programming 
required to add "checked" to only one radio button can prevent poten- 
tial problems. 

47 Echoes the remaining part of the form field tag for the radio button — 
the part that closes the tag. 

49 Echoes the pet description in a second cell in the table row. 

51 



54 
55 



Adds 1 to the counter to keep track of the number of times that the loop 
has executed. 

Adds the submit button to the form. 
Closes the form. 



When the user selects a radio button and then clicks the submit button, the 
next program — named ShowPets .php in the form tag — runs, showing the 
pets for the selected pet type. 
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Sfioufin^ the pets 

The pets page (refer to Figures 1 1-3, 1 1-4, and 1 1-5) shows the customer a list 
I J IT^ hi selected type that are currently in the catalog. Listing 

' >^ '-^ >^ ^/ifesRwvs the program that produces the pet Web page. 



Listing 11-3: Program That Shows a List of Pets 

<?php 

/* Program: ShowPets.php 

* Desc: Displays all the pets in a category. Category 

* is passed in a variable from a form. The 

* information for each pet is displayed on a 

* single line, unless the pet comes in more than 

* one color. If the pet comes in colors, a single 

* line is displayed without a picture and a line 

* for each color, with pictures, is displayed 

* following the single line. Small pictures are 

* displayed, which are links to larger pictures. 
*/ 

?> ■ 

<html> 

<head><title>Pet Catal og</ti tl e></head> 
<body topmargin="0" margi nhei ght="0"> 
<?php 

i ncl ude( "misc. i nc" ) ; 



Sconnection = mysql_connect ( $host , $user , $password ) 

or die ("couldn't connect to server"); 
$db = mysql_sel ect_db( Sdatabase , $connecti on ) 

or die ("Couldn't select database"); 

/* Select pets of the given type */ 
$query = "SELECT * FROM Pet 

WHERE petType=\"{$_POST['interest'])\""; #27 
$result = mysql_query( $query ) 

or die ("Couldn't execute query."); 

/* Display results in a table */ 

echo "<table eel 1 spaci ng= ' 10 ' border='0' eel 1 paddi ng= ' 0 ' 

width='100%'>" ; 
echo "<tr><td colspan='5' al i gn= ' ri ght ' > 

Click on any picture to see a larger 

versi on . <br><hr> 
</td></tr>\n" ; 

while ($row = mysql_f etch_a rray ( $resul t , MYSOL_ASSOC ) ) #38 
I 

$f_price = number_f ormat ( $row[ ' pri ce ' ] , 2 ) ; 

/* check whether pet comes in colors */ 
$query = "SELECT * FROM Color 

WHERE petName=' { $row[ ' petName ' ] ) ' " ; #44 
$result2 = mysql_query ( $query ) or di e (mysql_error ( ) ) ; #45 
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$ncolors = rnysql_nurn_rows($result2) ; #46 

S display row for each pet */ 
ho "<tr>\n"; 
echo "<td>{$row[ 'petID' ] )</td>\n" ; 
echo "<td><font size='+r> 

<b>{$row[ ' petName' ] )</b></font></td>\n" ; 
echo "<td>{ $row[ ' petDescri pti on ' ] )</td>\n " ; 
/* display picture if pet does not come in colors */ 
if ( Sncolors <= 1 ) #55 
{ 

echo "<td><a href ='.. /images/ { $row[ ' pi x ']) ' 
border= ' 0 ' > 

<img src= ' . . /images/{ $row[ ' pi X ' ] ) ' border='0' 
width=' 100' height='80' ></a></td>\n" ; 

} 

echo "<td al i gn= ' center ' >\$$f_pri ce</td>\n 
</tr>\n" ; 

/* display row for each color if pet comes in colors */ 
if (Sncolors > 1 ) #65 
{ 

while($row2 = mysql_f etch_array ( $resul t2 , MYSQL_ASSOC ) ) 
{ 

echo "<tr><td col span=2>&nbsp ; </td> 

<td>{ $row2[ 'petCol or' ] )</td> 
<td><a href ='.. /images/ { $row2[ ' pi x ' ] ) ' 
border= ' 0 ' > 

<img src= '.. /images/ { $row2[ ' pi X ']) ' border='0' 
width=' 100' height='80'></a></td>\n" ; 




echo "<tr><td col span= ' 5 ' ><hr></td></tr>\n " ; 

) 

echo "</table>\n" ; 

echo "<div al i gn= ' center ' > 

<a href= ' PetCatal og . php ' > 

<b>See more pets</b></a></di v>" ; 

?> 

</body></html> 

The following numbers correspond to the line numbers shown as comments 
at the end of lines in Listing 1 1-3. 1 document only some of the lines in this 
program in the following list. Many of the tasks in the listing are also in most 
of the programs in this application, such as connecting to the database, cre- 
ating forms, and executing queries. Because I document these common tasks 
for Listing 1 1-2, 1 don't repeat them here. Here is a brief explanation of what 
some of the other lines do in the program: 

26/27 This query selects all the pets in the catalog that match the chosen type, 
which was passed in a form from the previous page. 



DropBook 



38 Sets up a wh i 1 e loop that runs once for each pet selected. The loop cre- 
ates a line of information for each pet found. 
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43 Lines 43 through 46 check whether there are any entries in the Color 
table for the pet. Notice that the query results are put in $result2. 

could not be put in $resul t because this variable name is already 
e. $ncolors stores the number of rows found in the Col or table for 
the pet. Every pet name is checked for colors when it's processed in the 
loop. 

55 Starts an i f block that is executed only if zero or one rows for the pet 
were found in the Color table. The i f block displays the picture of the 
pet. If the program found more than one color for the pet in the Color 
table, the pet is available in more than one color, and the picture should- 
n't be shown here. Instead, a picture for each color will be shown in later 
lines. Refer to Figures 1 1-3 and 1 1-4 for pet pages that display the pictures 
and information on a single row, as done in this i f block. 

65 Starts an i f block that's executed if more than one color were found for 
the pet. The i f block echoes a row for each color found in the Color 
table. 

67 Sets up a wh i 1 e loop within the i f block that runs once for each color 
that was found in the Color table. The loop displays a line, including a 
picture, for each color Refer to Figure 11-5 for a pet page that displays 
separate lines with pictures for each color. 

The page has a link to more pets at the bottom. The link points to the previ- 
ous program that displays the pet types. 



Adding^ pets to the catalog 

The application that adds a new pet to the catalog should do the following 
tasks: 



1. Create a form that asks for a pet category. The person adding the pet 
can choose one of the existing pet types or create a new one. To create a 
new type, the user needs to type a category name and description. 

2. If a new type is created, check that the name and description were 
typed in. 

3. Create a form that asks for pet information — name, description, 
price, picture filename, and color. The person adding the pet can 
choose one of the existing pet names for the selected category or create 
a new name. To create a new pet name, the user needs to type a pet 
name. 

4. If new is selected for pet name, check that the name was typed in. 

5. Store the new pet in the PetCatalog database. 

6. Send a feedback page that shows what information was just added to 
the catalog. 
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The tasks are performed in three programs: 
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psePetCat.php: Creates the pet type form (task 1) 



'osePetName . php: Checks the pet category data and creates the pet 
information form (tasks 2 and 3) 

v'AddPet.php: Checks the pet name field, stores the new pet in the cata- 
log database, and provides feedback (tasks 4, 5, and 6) 

Writing ChoosePetCat 

The first program produces a Web page with an HTML form where the person 
adding a pet can select a pet type for the pet. To make the program easier to 
read and maintain, as 1 discuss in Chapter 10, keep some of the HTML state- 
ments used by the program in a separate file that you bring into the program 
by using an i ncl ude statement. Listing 11-4 shows ChoosePetCat . php. 



Listing 1 1 -4: Program That Lets User Select a Pet Type 

<?php 

/* Program: ChoosePetCat . php 

* Desc: Allows users to select a pet type. All the 

* existing pet types from the PetType table 

* are displayed. A section to enter a new 

* pet type is provided. Selections are 

* provided as radio buttons, with text 

* fields for new category name and 

* description. 
*/ 

?> 

<html> 

<head><title>Pet Types</ti tl e></head> 

<body> 

<?php 

i ncl ude( "misc. i nc" ) ; 

$connection = mysql_connect ( $host , $user , Spassword ) 

or die ("couldn't connect to server"); 
$db = mysql_sel ect_db( $database , $connecti on ) 

or die ("Couldn't select database"); 

/* gets types from PetType table in alphabetical order */ 
$query="SELECT petType FROM PetType ORDER BY petType"; #23 
$result = mysql_query($query) 

or die ("Couldn't execute query."); 

/* Display text before form */ 

echo "<div styl e= ' margi n-1 eft : .lin'> 

<p><h3>Select the category for the pet you are adding. </h3> 
If you are adding a pet in a category that is not 
listed, choose <b>New Category</b> and type the name 
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Listing 11-4 (continued) 

and description of the category. Press <b>Subrnit 
Category</b> when you have finished selecting an 
existing category or typing a new category . \n" ; 

/* Create form containing selection list */ 
echo "<forrn acti on= ' ChoosePetName . php ' rriethod= ' POST ' >\n" ; 
echo "<table eel 1 paddi ng= ' 5 ' border= ' 0 ' >\n" ; 
echo "<tr>"; 

$counter=0; #40 
while ($row = mysql_f etch_a rray ( $resul t ) ) #41 

I 

extract($row) ; 
echo "<td> 

<input type='radio' narrie= ' category ' val ue= ' $petType ' " ; 
if (Scounter == 0) 
{ 

echo "checked"; 

1 

echo ">$petType </td>\n"; 
$counter++; 

) 

echo "</tr></table>\n" ; 
i ncl ude( "NewCat_tabl e . i nc" ) ; 

echo "<p><input type= ' submi t ' val ue=' Submit Category ' >\n " ; 
echo "</form>\n"; 

?> 

</div> 

</body></html> 

The following numbers correspond to the line numbers shown as comments 
at the end of lines in Listing 11-4. Only some of the lines are documented in 
the following list. Many of the tasks in the listing, such as connecting to the 
database, creating forms, and executing queries, are found in most of the pro- 
grams in this application; refer to Listing 1 1-2 for an explanation. The following 
list provides a brief explanation of what the following lines do in the program: 

23 A query that selects all the pet types from the PetTy pe table and sorts 
them in alphabetical order 

40 Creates a counter with a starting value of 0. The counter will keep track 
of how many pet types are found in the database. 

41 Starts awhile loop that executes once for each pet type. The loop cre- 
ates a list of radio buttons for the pet types, with one button selected. 
Here are the details of the while loop: 

45 Echoes a form field tag for a radio button with the value equal to 
$petType. This statement executes once in each loop, creating a 
radio button for each pet type. This statement echoes only the first 
part of the form field tag. 



DropBooks 



#46 



#50 
#51 



#55 
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46 An i f block that executes only in the first loop. It echoes the word 
"checked" as part of the form field. This ensures that one of the 
radio buttons is selected when displayed so that the form can't be 
submitted with no button selected, which would result in unsightly 
error messages or warnings. The counter was set up solely for this 
purpose. 

Although adding "checked" to every radio button works in some 
browsers, it causes problems in other browsers. The extra pro- 
gramming required to add "checked" to only one radio button can 
prevent problems. 

50 Echoes the remaining part of the form field tag for the radio 
button — the part that closes the tag. 

51 Adds 1 to the counter to keep track of the number of times that the 
loop has executed. This is the last line in the while loop. 

55 Creates a table that asks for the new pet type name and description. The 
HTML for the table is read in from another file called 
NewCat_tabl e . i nc. As 1 discuss in Chapter 10, the HTML — especially 
HTML that describes a form — is often kept in a separate file to make 
the main program easier to read and to make the form easier to modify 
when necessary. This file is shown in Listing 1 1-5. 

Listing 1 1 -5: File Containing New Type Form 

<?php 

/* Program: NewCat_tabl e . i nc 

* Desc: HTML code that displays a table for input of a 

* new category 
*/ 

?> 

<table width='100X'> 

<tr><td colspan=3><hr></td></tr> 
<tr> 

<td al i gn= ' center ' > 

<input type='radio' name= ' category ' val ue= ' new ' >&nbsp ; 
</td> 

<td al i gn= ' ri ght ' >Category name:</td> 
<td><input type='text' narTie= ' newCat ' size='20' 
rTiaxlength='20'></td> 

</tr> 

<tr><td al i gn= ' center ' ><b>New Category</b></td> 
<td al i gn= ' ri ght ' >Category descri pti on : </td> 
<td><input type='text' narne= ' newDesc ' size='70%' 
maxl ength= ' 255 ' > 

</td> 
</tr> 

<tr><td colspan=3><hr></td></tr> 
</table> 
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This file is all HTML except for a section of PHP in the top that holds the 
header as comments. I could actually have done this with HTML comments, 
the PHP comment style better 



Writing ChoosePetName 

This second program accepts the data from the form in the first program. It 
checks the information and asks for missing information. After the pet type 
information is received correctly, the program creates a form where a user 
can select a pet name for the new pet being added to the catalog and type the 
information for the pet. This program, as in the preceding program, brings in 
some of the HTML forms and tables from separate files by using the i ncl ude 
statement. This program also calls a function that's in an i ncl ude file. This 
program brings in two files. Listing 11-6 shows ChoosePetName . php. 



Listing 1 1 -6: Program That Asks User for Pet Name 

<?php 

/* Program: ChoosePetName . php 

* Desc: Allows the user to enter the information for 

* the pet. First, the program checks for a new 

* category and enters it into the petType table 

* if it is new. Then, all pets in the selected 

* category are displayed with radio buttons. 

* The user can enter a new name. Fields are 

* provided to enter the description, price, and 

* picture file name. 
*/ 

?> 

<?php 

if (@$_POST[ ' newbutton ' ] == "Return to category page" 

or @$_POST['newbutton'] == "Cancel") #15 

I 

header("Location: ChoosePetCat.php"); 

) 

?> 

<html> 

<head><title>Add Pet</ti tl e></head> 

<body> 

<?php 

i ncl ude( "misc. i nc" ) ; 

i ncl ude( "f uncti ons . i nc" ) ; 

$connection = mysql_connect ( $host , $user , Spassword ) 

or die ("couldn't connect to server"); 
$db = mysql_sel ect_db( $database , Sconnecti on ) 

or die ("Couldn't select database"); 

$category = $_POST[ ' category '] ; 
/* If new was selected for pet category, check if text 
fields were filled in. If they were not filled in, 
display them again for the user to enter the category 
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name and category description. When the fields are filled 
in, store the new category in the PetType table.*/ 
POST[ ' category ' ] == "new") 



if ($_POST['newCat'] == "" 

or $_POST[ ' newDesc ' ] == "") 

( 

i ncl ude( " NewCat_f orm . i nc" ) ; 
exit( ) ; 

1 

/* add new pet type to PetType table */ 

el se 

I 

addNewType( $_POST[ ' newCat ' ] , $_POST[ ' newDesc ' ] ) ; 
$category = $_POST[ ' newCat ' ] ; 



/* Select pet names from table with given category. 

user entered a new category, it is searched for. 
$query = "SELECT DISTINCT petName FROM Pet 

WHERE petType=' Scategory ' ORDER BY petName 
Sresult = mysql_query( $query ) 

or die ("Couldn't execute query"); 
$nrow = mysql_num_rows ( $resul t ) ; 



If 
*/ 



#38 



#41 

#43 
#44 



#47 
#49 

#52 

#57 
#60 



/* create form */ 
echo "<div styl e= ' margi n-1 eft : 
echo 
echo 

if ($nrow < 1) 



1 i n ' > " ; 

<form acti on= ' AddPet . php ' method= ' post ' >\n' 
<p><b>Pet Name</b></p>\n" ; 



#66 



echo "<hr><b>No pet names are currently in the database 
for the category $category</b><hr>\n" ; 



el se 



border= ' 0 ' >" ; 



echo "<table cellpadding= 
echo "<tr>"; 

while ($row = mysql_fetch_array($result) ) 



#71 



#75 



extract($row) ; 
echo "<td>"; 

echo " <input type='radio' name= 
val ue= ' $petName ' " ; 
echo ">$petName</td>\n" ; 

) 

echo "</tr></table>" ; 

1 

i ncl ude ( " NewName_tabl e . i nc" ) ; 



' petName ' 



#85 
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etDescri pti on=" ";$price = "";$pix = "";$petColor = ""; 
ude("PetInfo_table.inc" ) ; #88 



echo "<input type= ' hi dden ' narTie= ' category ' 

value='$category'>\n"; 
echo "<p><input type= ' submi t ' val ue= ' Submi t Pet Narrie'> 

<input type= ' submi t ' name= ' newbutton ' val ue= ' Cancel ' > 
</f orrn>\n" ; 

?> 

</div> 

</body></htrTil> 

The following numbers correspond to the line numbers shown as comments 
at the end of lines in Listing 1 1-6. Only some of the lines are documented in the 
following list because many of the tasks in the listing are found in most of the 
programs in this application. The common tasks are documented for Listing 
1 1-2 and explained in other parts of the book, so 1 don't repeat them here. Here 
is a brief explanation of what the following lines do in the program: 

15 Checks whether the user clicked the submit button labeled Cancel or 
Return to category page. If so, it returns to the first page. 

38 Starts an i f block that executes only if the user selected the radio 
button for New Category in the form from the previous program. This 
block checks whether the new category name and description are filled 
in. If the user forgot to type them in, he or she is asked for the pet type 
name and description again. After the name and description are filled in, 
the program calls a function that adds the new category to the PetTy pe 
table. The following lines describe this i f block in more detail: 

41 Starts an i f block that executes only if the category name and/or 
the category description are blank. Because this i f block is inside 
the i f block for a new category, this block executes only if the 
user selected New Category for pet type but did not fill in the new 
category name and description. 

43 Creates a form that asks for the category name and description. 
The HTML for the form is included from a file. This executes only 
when the i f statement on line 38 is true — that is, if the category 
is new and the category name and/or description are blank. 

44 Stops the program after displaying the form on line 43. The pro- 
gram can't proceed until the category name and description are 
typed in. This block will repeat until a category name and descrip- 
tion are filled in. 

47 Starts an el se block that executes only if both the category name 
and description are filled in. Because this block is inside the i f 
block for the new radio button, this block executes when the user 
selected new and filled in the new category name and description. 
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49 Calls a function that adds the new category to the PetType table. 

50 Up to this point, thecategory is still set to "new". This line sets 



>category to the new category name. 



52 This line ends the i f block. If the user selected one of the existing 
pet types, the statements between line 38 and this line did not 
execute. 

56 A query that selects one of each pet name with the chosen pet type and 
sorts them alphabetically. 

60 Checks whether any pet names were found for the chosen pet type. 

66 Starts an i f block that executes only if no pets were found for the pet 
type. The block echoes a message to the user that no pets were found 
for the pet type. 

71 Starts an el se block that executes if pets were found for the pet type. The 
else block creates a list of radio buttons for the pet names found. The list 
is created with awhile loop (starting on line 75) in the same manner that 
the list of categories was created, as explained in Listing 1 1-4. 

85/88 Lines 85 and 88 create tables that ask for the new pet name and informa- 
tion, bringing the HTML in from separate files by using i ncl ude 
statements. 

This program brings in three files containing HTML using i ncl ude state- 
ments. Listings 1 1-7, 1 1-8, and 1 1-9 show the three files that are included: 

NewCat_f orm . i nc, NewName_tabl e . i nc, and Pet Inf o_tabl e .inc. 

■ 

Listing 1 1 -7: HTML Code That Creates New Pet Type Form 

<?php 

/* Program: NewCat_f orm . i nc 

* Desc: Displays a form to collect a category name and 

* description. 
*/ 

?> 

<b>Either the category name or the category description was 
left blank. You must enter both.</b> 
<form acti on="ChoosePetName . php" method=" POST"> 
<table> 
<tr> 

<td al ign="right">Category name:</td> 
<td><input type="text" name=" newCat" 

value="<?php echo $_POST[ ' newCat ' ] ?>" 
size="20" maxl ength="20"> 

</td></tr> 
<tr> 

<td al ign="right">Category descri pti on : </td> 
<td><input type="text" name=" newDesc" 

(continued) 
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value="<?php echo $_POST[ ' newDesc ' ] ?>" 
size="70%" maxlength="255"> 

d></tr> 
</table> 

<input type="hidden" narrie="category" value="new"> 
<p><input type = " submit" narrie="newbutton" 

value="Enter new category") 
<input type="submi t" narrie="newbutton" 

val ue=" Return to category page") 

</f orni> 



This program is almost all HTML code. Notice the following points about this 
form: 



J This form is created only when the user selects the radio button for 
New Category on the pet type Web page but does not type in the pet 
type name or description. This form is displayed to give the user a 
second chance to type the name or description. 

1^ Most of the file is HTML, with only two small PHP sections that echo 
values for the two fields. 

1^ The form returns to the program that generated it for processing. It is 

processed in the same manner as the form that was sent from the first 
page. The field names are the same and are checked again to see 
whether they are blank. g 

1^ A hidden field is included that sends $category with a value of "new". 

If this form didn't send $category, the program that processes it — the 
same program that generated it — wouldn't know that the pet type was 
new and wouldn't execute the i f block that should be executed when a 
new category is selected. 



Listing 1 1 -8: HTML File That Creates Table for New Name 

<?php 

/* Program: NewName_tabl e . i nc 
* Desc: Displays table to enter new pet name 
*/ 

?> 

<table border="0"> 
<tr><td> 

<input type="radio" name="petName" 

value="new" checked >New Name</td> 
<td><input type="text" name="newName" size="25" 
maxlength="25"> (type new name)</td> 

</tr> 

<tr><td colspan=2><hr></td></tr> 
</table> 
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This file is all HTML with no PHP. It displays the section of the pet name Web 
page where the user can enter a new pet name. 

1 -9: HTML That Creates Table for Pet Info 



<?php 

/* Program: Petinf o_tabl e . i nc 
* Desc: Displays table to collect pet information 
*/ 

?> 

<b>Pet Inf ormati on</b><br> 
<p><table> 

<tr><td al ign="right">Pet Category : </td> 

<td><b>&nbsp ; &nbsp ; <?php echo $category ?></b></td> 
</tr> 

<tr><td al ign="right">Pet Descri pti on : </td> 
<td><input type="text" name=" petDescri pti on" 
value="<?php echo $petDescri pti on ?>" 
size="65" maxl ength = " 255" > 
</td></tr> 
<tr><td al ign="right">Price:</td> 
<td><input type="text" name="price" 

value="<?php echo $price ?>" size="15" 
maxl ength="15"> 
</td></tr> 

<tr><td al ign="right">Picture file name:</td> 
<td><input type="text" name="pix" 

value="<?php echo $pix ?>" size="25" 
maxl ength="25"> 
</td></tr> 

<tr><td al ign = "right">Pet color ( opti onal ) : </td> 
<td><input type="text" name="petCol or" 

value="<?php echo $petColor ?>" size="25" 
maxl ength="25"> 
</td></tr> 
</table> 

This file includes small PHP sections for the variable values. Otherwise, it is 
HTML. 

In addition to HTML for tables and forms, the ChoosePetName . php program 
in Listing 11-6 calls a function. The function is stored in a file named f unc- 
ti ons . i nc and is included in the beginning of the program. Listing 11-10 
shows the function. 
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-k 
* 
* 

*/ 



Tnction addNewType 

fsc Adds a new pet type and description to the 
PetType table. Checks for the new pet type 
first and does not add it to the table if 
it is already there. 



f uncti on addNewType ( SpetType , StypeDescri pti on ) 

I 

/* Prepare data */ 

$petType = ucf i rst ( stri p_tags ( trimC $petType ) ) ) ; 
StypeDescri pti on = 

ucfirst(stri p_tags ( trirn( StypeDescri pti on ) ) ) ; 

/* Check whether new category is already in PetType table. 

If it is not in table, add it to table. */ 
$query = "SELECT petType FROM PetType 

WHERE petType= ' $petType "' ; 
Sresult = rnysql_query($query) or 

die ("Couldn't execute query "); 
$ntype = niysql_nuni_rows($result) ; // 
if ($ntype < 1) //if new type is not in table 
I 

$query = "INSERT INTO PetType ( petType , typeDescri pti on ) 

VALUES ( ' $ petType ' , ' StypeDescri pti on ' ) " ; 
$result = mysql_query($query ) 

or DIE ("Couldn't execute query "); 

) 

return ; 



?> 



The function cleans the data first. Then it checks whether the pet type is 
already in the PetType table. If it is not, the function adds it to the table. 



Wrltlnq AddPet 

This last program accepts the data from the form in the second program. If 
new was selected for the pet name, it checks to see that a new name was 
typed in and prompts for it again if it was left blank. After the pet name is 
filled in, the program stores the pet information from the previous page. 
Notice that it does not check the other information because the other infor- 
mation is optional. This program, as in the previous program, brings in some 
of the HTML forms and tables from two separate files by using the i ncl ude 
statement. Listing 11-11 shows AddPet . php. 
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Listing 11-11: Program That Adds New Pet to Catalog 




Vogram: AddPet.php 

'esc: Adds new pet to the database. A confirmation 
screen is sent to the user. 



if (@$_POST['newbutton'] == "Cancel") 



# 7 



header("Location: ChoosePetCat.php") ; 

) 

SpetName = $_POST[ ' petName ' ] ; 

$newNarrie = $_POST[ ' newName ' ] ; 

$price = $_POST[ ' pri ce ' ] ; 

$pix = $_POST[ 'pix' ] ; 

$petColor = $_POST['petColor']; 

$category = $_POST[ ' category '] ; 

$petDescri pti on = $_POST[ ' petDescri pti on ' ] ; 

if (SpetName == "new") _ #18 

{ * 

if (SnewName == "") #20 



$petName=trim( $newName) ; 

$petName=ucf i rst(strtol ower ( stri p_tags ($petName))); 



$ p i X = " n a . g i f " ; 

?> 

<htinl> 

<head><title>Add Pet</ti tl e></head> 

<body> 

<?php 

i ncl ude( "mi sc . i nc" ) ; ^1^38 

$connection = mysql_connect ( $host , $user , $password ) 

or die ("couldn't connect to server"); 
$db = mysql_sel ect_db( $database , $connecti on ) 

or die ("Couldn't select database"); 
/* Clean the data */ 

$petDescri pti on = stri p_tags ( trim( SpetDescri pti on ) ) ; 
$price = strip_tags(trim($price) ) ; 
$pix = strip_tags(trim($pix) ) ; 
$petColor = strip_tags(trim($petCol or) ) ; 

$query = "INSERT INTO Pet 

(petName , petType ,petDescription,price,pix) VALUES 



i ncl ude( " NewName_f orm . i nc" ) ; 
exit( ) ; 



el se 



#25 



if ($pix == "" ) 



#31 



(continued) 
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( 'SpetName' , '$category' , 'SpetDescription' , '$price' , 
li X ' ) " ; 

'ult = mysql_query($query) 
or die ("Couldn't execute query."); 
$petID = rriysql_insert_id( ) ; #55 



echo "The following pet has been added to the 
Pet Catalog:<br> 
<ul> 

<1 i >Category : $category 

<li>Pet Name: SpetName 

<li>Pet Description: $petDescri pti on 

<li>Price: $price 

<li>Picture file: $pix \n"; 

if ($petColor != "") #66 
I 

if ($petName == "Goldfish" or SpetName == "Parakeet") 

{ 

$query = "SELECT petName FROM Color 

WHERE petName= ' $petName ' 
AND petCol or= ' $petCol or ' " ; 

$result = rTiysql_query( $query ) 

or die ("Couldn't execute query."); 

$nurri = mysql_nuni_rows( $resul t) ; 

if ($num < 1) 

{ 

$query = "INSERT INTO Color ( petName , petCol or , pi x ) 
VALUES ( ' $ petName ' , ' $petCol or ' , ' $pix' ) " ; 
Sresult = mysql_query($query ) 

or die ("Couldn't execute query."); 
echo "<li>Color: $petCol or\n " ; 



) #85 
echo "</ul>"; 

echo "<a href= ' ChoosePetCat . php ' >Add Another Pet</a>\n"; 

?> 

</body></html> 



Notice the line numbers shown as comments at the end of lines in Listing 
11-11. The numbers in the following list correspond to the line numbers in 
the listing. 1 document only some of the lines in the following list because 
many of the most common tasks, such as connecting to the database, have 
been documented for the previous programs in this chapter. 

7 Checks whether the user clicked the Cancel button. If so, returns to the 
first page. 
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18 Starts an i f block that executes only if the user selected new for the pet 
name. If the new name is blank, it displays a form that asks for the new 
ame (line 20) repeatedly until the user types one in. After the new 
e is filled in, $ pet Name is set to the new name (line 25). 



31 If the picture filename was not typed in, it is set to the default picture. 

38 Lines 38-55 add the new pet to the database. The data is cleaned before 
it's added. 

57 Starts echoing the feedback page. 

66 Starts an i f block that executes only if the color was filled in. The color 
is only stored for parakeets and goldfish. The Color table is checked to 
see whether the name and color are already there. If not, they are added 
to the Color table. The i f block ends on line 85. 

This program brings in an HTML file that creates the form to prompt the user 
for the pet name if the user forgot to type it in. Listing 11-12 shows the file 
that is included: NewNanie_f orm. inc. 



Listing 11-12: HTML That Asks User for a New Pet Name 

<?php 

/* Program: NewName_f orm . i nc 
* Desc: Displays form to collect a pet name 
*/ 

?> 

<b>You must type a pet name.</b> 
<form acti on="AddPet . php" method="post"> 
<table><tr> 

<td al i gn=" ri ght" >Pet name:</td> 
<td><input type="text" name="newName" 
val ue=" <?php echo SnewName ?>" 
size="25" maxlength="25"> 
</td></tr> 
</table> 

<input type="hidden" name="category" 

value="<?php echo Scategory ?>"> 
<input type = " hi dden " name="petName" 

value="<?php echo $petName ?>"> 
<input type=" hi dden " name="petDescri pti on" 

value="<?php echo SpetDescri pti on ?>"> 
<input type=" hi dden " name="price" 

value="<?php echo $price ?>"> 
<input type = " hi dden " name="pix" value="<?php echo $pix ?>"> 
<input type=" hi dden " name="petCol or" 

value="<?php echo $petColor ?>"> 
<p><input type="submit" name="newbutton" 

value="Enter new pet name"> 
<input type="submit" name="newbutton" val ue="Cancel "> 
</f orm> 
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This file creates the form that is displayed if the user forgets to type in the 
new pet name. It is very similar to the program in Listing 1 1-7 that's displayed 



ejji an^ser forgets to type in a new category. Notice that two hidden fields 



yj^g^to pass on the values for $category and SpetName. When the form 
is filled in, the values for these two variables are needed to store the pet 
information. 

At the end, this program provides a link to the first page so that the user can 
add another new pet to the catalog if desired. 
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Web Site 



In This Chapter 

^ Designing the Members Only Web site 

^ Building the database for the member directory 

^ Designing the Web pages for the Members Only section 

^ Writing the programs for logging in to the Members Only section 



any Web sites require users to log in. Sometimes users can't view any 
Web pages without entering a password, while sometimes just part of 
the Web page requires a login. Here are some reasons why you might want to 
require a user login: 

The information is secret. You don't want anyone except a few autho- 
rized people to see the information. Or perhaps only your own employ- 
ees should see the information. 

V The information or service is for sale. The information or service that 
your Web site provides is your product, and you want to charge people 
for it. For instance, you might have a corner on some survey data that 
researchers are willing to pay for. For example, AAA Automobile Club 
offers some of its information for free, but you have to be a member to 
see its hotel ratings. 

*^ You can provide better service. If you know who your customers are or 
have some of their information, you can make their interaction with your 
Web site easier. For instance, if you have an account with Barnes and 
Noble.com or the Gap and log into their site, they use your stored ship- 
ping address, and you don't have to type it in again. 
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You can find out more about your customers. Marketing would like to 
know who is looking at your Web site. A list of customers with addresses 



phone numbers and perhaps some likes and dislikes is a useful thing, 
ur Web site offers some attractive features, customers may be will- 
ing to provide some information in order to access your site. For instance, 

■ a person might be willing to answer some questions in order to down- 
load some free software or to play a great online game. 

Typically, a login requires the user to enter a user ID and a password. Often, 
users can create their own accounts on the Web site, choosing their own user 
ID and password. Sometimes users can maintain their accounts — for exam- 
ple, change their password or phone number — online. 

In Chapter 11, you find out how to build an online catalog for your Pet Store 
Web site. Now, you want to add a section to your Web site that's for Members 
Only. You plan to offer special discounts, a newsletter, a database of pet infor- 
mation, and more in the Members Only section. You hope that customers will 
see the section as so valuable that they'll be willing to provide their addresses 
and phone numbers to get a member account that lets them use the services 
in the restricted section. In this chapter, you build a login section for the Pet 
Store. 



besiqninq the Appiication 

The first step in design is to decide what the application should do. Its basic 
function is to gather customer information and store it in a database. It offers 
customers access to valuable information and services to motivate them to 
provide information for the database. Because state secrets or credit card 
numbers aren't at risk, you should make it as easy as possible for customers 
to set up and access their accounts. 

The application that provides access to the Members Only section of the Pet 
Store should do the following: 

Provide a means for customers to set up their own accounts with 
member IDs and peisswords. This includes collecting the information 
from the customer that's required to become a member. 

Provide a page where customers type their member ID and password 
and then check whether they are valid. If so, the customer enters the 
Members Only section. If not, the customer can try another login. 

\^ Show the pages in the Members Only section to anyone who is logged in. 

)^ Refuse to show the pages in the Members Only section to anyone who 
is not logged in. 

Keep track of member logins. You want to know who logs in and how 
often. 
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ibase is the core and purpose of this application. It holds the cus- 
tomer information that's the goal of the Members Only section. It also holds 
the Member ID and password so that the user can log into the Members Only 
section. 

The Members Only application database contains two tables: 

11/^ Member table 
Logi n table 



The first step in building the login application is to build the database. It's 
pretty much impossible to write programs without a working database to test 
the programs on. First design your database; then build it; then add some 
sample data for use while developing the programs. 




Some changes have been made to the database design that 1 develop in 
Chapter 3 for the Members Only restricted section of the Pet Store Web site. 
Development and testing often result in changes. Perhaps you find that you 
didn't take some factors into consideration in your design or that certain ele- 



ments of your design don't work with real-world data or are difficult to pro- 
gram. It's perfectly normal for the design to evolve while you work on your 
application. Just be sure to change your documentation when your design 
changes. 



Buitilin^ the Member table 

In your design for the login application, the main table is the Member table. 
It holds all the information entered by the customer, including the customer's 
personal information (name, address, phone number, and so on) and the 
Member ID and password. The following SQL query creates the Member table: 



CREATE TABLE 


Member ( 






1 ogi nName 


VARCHAR(20) 


NOT 


NULL, 


createDate 


DATE 


NOT 


NULL, 


password 


VARCHAR(255) 


NOT 


NULL, 


1 astName 


VARCHAR(50) , 






f i rstName 


VARCHAR(40) , 






street 


VARCHAR(50) , 






city 


VARCHAR(50) , 






state 


CHAR(2) , 






zip 


CHAR(IO) , 






emai 1 


VARCHAR(50) , 






phone 


CHAR(15) , 






fax 


CHAR(15) , 







PRIMARY KEY(loginName) ); 
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Each row represents a member The columns are 



D Books 

defir 



i nName: A Member ID for the member to use when logging in. The 
omer chooses and types in the login name. The CREATE query 
defines the 1 ogi nName in the following ways: 

• CHAR( 20 ): This data type defines the field as a character string 
that's 20 characters long. The field will always take up 20 charac- 
ters of storage, with padding if the actual string stored is less than 
20 characters. If a string longer than 20 characters is stored, any 
characters after 20 are dropped. 

•PRIMARY KEY (1 ogi nName ): The primary key identifies the row 
and must be unique. MySQL will not allow two rows to be entered 
with the same 1 ogi nName. 

• NOT NULL: This definition means that this field can't be empty. 
It must have a value. The primary key must always be set to 

NOT NULL. 

)^ createDate: The date when the row was added to the database — that 
is, the date when the customer created the account. The query defines 

createDate as 

• DATE: This is a string that's treated as a date. Dates are displayed 
in the format YYYY-MM-DD. They can be entered in that format or 
some similar formats, such as YY/M/D or YYYYMMDD. 

• NOT NULL: This definition means that this field can't be empty. It 
must have a value. Because the program, not the user, creates the 
date and stores it, it won't ever be blank. 

password: A password for the member to use when logging in. The cus- 
tomer chooses and types in the password. The CREATE query defines 
the password in the following ways: 

• VARCHAR(255): This statement defines the field as a variable char- 
acter string that can be up to 255 characters long. The field is stored 
in its actual length. You don't expect the password to be 255 char- 
acters long. In fact, you expect it to be pretty short. However, you 
intend to use the MySQL password function to encrypt it rather 
than store it in plain view. After it's encrypted, the string will be 
longer, so you're allowing room for the longer string. 

• NOT NULL: This statement means that this field can't be empty. It 
must have a value. You're not going to allow an empty password in 
this application. 

\^ lastName: The customer's last name, as typed by the customer The 
CREATE query defines the field as 

• VARCHAR(50): This datatype defines the field as a variable charac- 
ter string that can be up to 50 characters long. The field is stored 
in its actual length. 
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11^ f i rstName: The customer's first name, as typed by the customer. The 
CREATE query defines the field as 

VARCHAR(40): This datatype defines the field as a variable charac- 
ter string that can be up to 40 characters long. The field is stored 
in its actual length. 

i/* street: The customer's street address, as typed by the customer. The 
CREATE query defines the field as 

• VARCHAR(50): This datatype defines the field as a variable charac- 
ter string that can be up to 50 characters long. The field is stored 
in its actual length. 

city: The city in the customer's address, as typed by the customer. The 
CREATE query defines the field as 

• VARCHAR(50): This datatype defines the field as a variable charac- 
ter string that can be up to 50 characters long. The field is stored 
in its actual length. 

state: The state in the customer's address. The string is the two-letter 
state code. The customer selects the data from a drop-down list contain- 
ing all the states. The CREATE query defines the field as 

• CHAR( 2 ) : This data type defines the field as a character string 
that's two characters long. The field will always take up two char- 
acters of storage, with padding if the actual string stored is less 
than two characters. 

V zip: The ZIP code that the customer types in. The CREATE query defines 
the field as 

• CHARCIO ): This data type defines the field as a character string 
that's ten characters long. The field will always take up ten charac- 
ters of storage, with padding if the actual string stored is less than 
ten characters. The field is long enough to hold a ZlP+4 code, such 
as 12345-1234. 

ema i 1 : The e-mail address that the customer types in. The CREATE query 
defines the field as 

• VARCHAR(50): This datatype defines the field as avariable charac- 
ter string that can be up to 50 characters long. The field is stored 
in its actual length. 

phone: The phone number that the customer types in. The CREATE 
query defines the field as 

• CHAR( 15 ): This data type defines the field as a character string 
that's 15 characters long. The field will always take up 15 charac- 
ters of storage, with padding if the actual string stored is less than 
15 characters. 
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fax: The fax number that the customer types in. The CREATE query 
defines the field as 

CHAR(15 ): This data type defines the field as a character string 
that's 15 characters long. The field will always take up 15 charac- 
ters of storage, with padding if the actual string stored is less than 
15 characters. 

Notice that some fields are CHAR and some are VARCHAR. CHAR fields are 
faster, whereas VARCHAR fields are more efficient in using disk space. Your 
decision will depend on whether disk space or speed is more important for 
your application in your environment. 




In general, shorter fields should be CHAR because shorter fields don't waste 
much space. For instance, if your CHAR is 5 characters, the most space that 
could possibly be wasted is 4 characters. However, if your CHAR is 200, you 
could waste 199 characters. Therefore, for short fields, use CHAR for speed 
with very little wasted space. 
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BuHdinq the Loqin table 

The Logi n table keeps track of member logins by recording the date and time 
every time that a member logs in. Because each member has multiple logins, 
the login data requires its own table. The CREATE query that builds the Logi n 
table is 

CREATE TABLE Login ( 

loginName VARCHAR(20) NOT NULL, 

loginTime DATETIME NOT NULL, 
PRIMARY KEYdoginName, loginTime) ); 

The Login table has only two columns, as follows: 

1 ogi nName: The Member ID that the customer uses to log in with. The 
1 ogi nName is the connection between the Member table (which 1 describe 
in the preceding section) and this table. Notice that the 1 ogi nName 
column is defined the same in the Member table and in this table. This 
makes table joining possible and makes matching rows in the tables 
much easier. The CREATE query defines the 1 ogi nName in the following 
ways: 

• CHAR( 20 ): This data type defines the field as a character string 
that's 20 characters long. The field will always take up 20 charac- 
ters of storage, with padding if the actual string stored is less than 
20 characters. If a string longer than 20 characters is stored, any 
characters after 20 are dropped. 
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PRIMARY KEY ( 1 ogi nName , 1 ogi nTime ): The primary key identifies 
the row and must be unique. For this table, two columns together 
are the primary key MySQL will not allow two rows to be entered 
with the same 1 ogi nName and 1 ogi nDate. 

NOT NULL: This definition means that this field can't be empty. 
It must have a value. The primary key must always be set to 

NOT NULL. 

1^ 1 ogi nTi me: The date and time when the member logged in. This field 
uses both the date and time because it needs to be unique. It's very 
unlikely that two users would log in at the same second at the Pet Store 
Web site. However, in some very busy Web sites, two users might log in 
during the same second. At such a site, you might have to create a 
sequential login number to be the unique primary key for the site. The 
CREATE query defines the 1 ogi nTi me in the following ways: 

• DAT ET I ME: This is a string that's treated as a date and time. The 
string is displayed in the format YYYY-MM-DD HH:MM:SS. 

• PRIMARY KEY (1 ogi nName , 1 ogi nTime ): The primary key identifies 
the row and must be unique. For this table, two columns together 
are the primary key. MySQL will not allow two rows to be entered 
with the same 1 ogi nName and 1 ogi nDate. 

•NOT NULL: This definition means that this field can't be empty. 
It must have a value. The primary key must always be set to 

NOT NULL. 



Adding^ data to the database 

This database is intended to hold data entered by customers — not by you. 
It will be empty when the application is first made available to customers 
until customers add data. However, to test the programs while you write them, 
you need to have at least a couple of members in the database. You need a 
couple of Member IDs and passwords to test the login program. You can add 
a couple of fake members for testing purposes — by using an I N S E RT SQL 
query — and remove them when you're ready to go live with your Members 
Only application. 



besi^nin^ the Look and Feel 

After you know what the application is going to do and what information 
you want to get from customers and store in the database, you can design 
the look and feel. The look and feel includes what the user sees and how the 
user interacts with the application. Your design should be attractive and 



DropBooks 



Part IV: Applications 



easy to use. You can create your design on paper, indicating what the user 
sees, perhaps with sketches or with written descriptions. You should also 

I user interaction components, such as buttons or links, and describe 
||ons. Include each page of the application in the design. 

The Pet Store Members Only application has three pages that are part of the 
login procedures. In addition, the application includes all the pages that are 
part of the Members Only section, such as the page that shows the special 
discounts and the pages that provide discussions of pet care. In this chapter, 
you only build the pages that are part of the login procedure. You don't build 
the pages that are part of the Members Only section, but I do discuss what 
needs to be included in them to protect them from viewing by non-members. 

The login application includes three pages, plus the group of pages that com- 
prise the Members Only section, as follows: 

Storefront page: The first page that a customer sees. It provides the 
name of the business and the purpose of the Web site. 1 introduce a 
storefront page in Chapter 11, and in this chapter, you modify it to pro- 
vide access to the Members Only section. 

*^ Login page: Allows the customer to either log in or create a new member 
account. It shows a form for the customer to fill in to get a new account. 

New Member Welcome page: Welcomes the new users by name, letting 
them know that their accounts have been created. Provides any informa- 
tion that they need to know. Provides a button so that users can continue 
to the Members Only section or return to the main page. 

W Members Only section: A group of Web pages that contain the content 
of the Members Only section. 



Storefront paqe 

The storefront page is the introductory page for the Pet Store. Because most 
people know what a pet store is, the page doesn't need to provide much expla- 
nation. Figure 12-1 shows the storefront page. Two customer actions are avail- 
able on this page: a link that the customer can click to see the Pet Catalog and 
a link to the Members Only section. 



Loqin paqe 

The login page allows the customer to log in or create a new member account. 
It includes the form that customers need to fill out to get a member account. 
Figure 12-2 shows the login page. This page has two different submit buttons: 
one to log in with an existing member account and one to create a new member 
account. 
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3 Pet Store Front Page - Microsoft Internet Explorer 



File Edit View Favorites Jools Help 

'id l^^ ^ 

Stop Refresh Home 



'tip: //janetval.san.rr.com/PHP&MySQLforDummies/PetShopFfont.php 




Figure 12-1: 

The opening 
page of the 
Pet Store 
Web site. 
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Search Favorites History 



Mail 



■J 

Print 



ReaLcom 



^ Done 




Looking for a new friend? 

Check out oiu F^t Catalog. 
We may have just what you're looking for. 



m Intel 



Looking for 




^Members Only Login - Microsoft Internet Explorer 
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Figure 12-2: 

The page 
where 
customers 
log in or 
create 
a new 
member 
account. 
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Members Only Sec 



Are you a member? 



Usemame | 
Passutird 



Not a member yet? Get discounts, a newsletter, advance notice of new pets, much more. 
Fill in the informationbelow and join. It's easy and fi-eel 



Member ID 

First Name 
Last Name 
Street 
City 
State 
Phone 
Email Address 



Zl 2jp\ 
Fax I 



Beconae a Member 



AU comments and suggestions are appreciated. Please send comments to webmastengipetstore ci 
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Figure 



If a customer makes a mistake on the login page, either in the login section 
or the new member section, the form is displayed again with an error mes- 
instance, suppose that a customer makes an error when typing his 
dress: He forgot to type the . com at the end of the e-mail address, 
igure 12-3 shows the screen that he sees after he submits the form with the 
mistake in it. Notice the error message printed right above the form. 



When members successfully log in with a valid Member ID and password, 
they go to the first page of the Members Only section. When new members 
successfully submit a form with information that looks reasonable, they go 
to a New Member Welcome page (see the next section). In addition, an e-mail 
message is sent to the new member with the following contents: 

A new Member Account has been setup for you. Your new 
Member ID and password are: 

gsmi th 

secret | 

We appreciate your interest in Pet Store at PetStore.com 

If you have any questions or problems, send email 
to webmaster@petstore.com 



3 Members Only Login - Microsoft Internet Explorer 
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Figure 12-3: 
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Members Only Section 



Are you a member? 



Useniame | 
Password 



Not a member yet? Get discotmts, a newsletter, advance notice of new pets, much n 
Fin in the information below and join. It's easy andfreel 

mymail@mycoiTqia]iy is not avalid email address. Please try again. 
Member ID i 



Igsmith 



Password 
First Name 
Last Name 
Street 
City 
State 
Phone 
Email Address 



iig Civ 



555-555-5555 



Fax I 



I mym ai I @ my co m p any 



Become a Member 
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This e-mail message contains the customer's password. I think that it's very 
helpful to both the customer and the business to provide customers with a 
^4ia|dK^y of their password. Customers will forget their password. It seems 
VJ#'P\^^ of the rules. An e-mail message with their password might help them 
when they forget it, saving both them and you some trouble. Of course, e-mail 
messages aren't necessarily secure, so sending passwords via e-mail isn't a 
good idea for some accounts, such as an online bank account. But, for this Pet 
Store application, with only unauthorized discounts and pet care information 
at risk, sending the password via e-mail is a reasonable risk. 



AJeu/ Member Welcome paqe 

The New Member Welcome page greets the customer and offers useful infor- 
mation. The customer sees that the account has been installed and can then 
enter the Members Only section immediately. Figure 12-4 shows a welcome 
page. 



Figure 12-4: 

A page 
welcoming 
new 
members. 



^ New Member Welcome - Microsoft Internet Explorer 
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Welcome Goliath Smith 

Youi new Member Account lets you enterthe Members Only section of our web site. You'll find special discounts and bargains, a huge 
database of animal facts and stories, advice from experts, advance notification of new pets for sale, a message board where you can talk to 
otherMembers, and much more. 

Your new Member ID and password were emailed to you. Store them carefully for future use. 



Glad you could join us ! 

Enterthe Members Only Section 
do to Pet Store Main Page 
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Members Onti^ section 



ore Web pages make up the contents of the Members Only section, 
the content is, the pages are no different than any other Web pages 
or PHP programs, except for some PHP statements in the beginning of each 
file that prevent non-members from viewing the pages. 



Writing the Programs 

After you know what the pages are going to look like and what they are going 
to do, you can write the programs. In general, you create a program for each 
page, although sometimes it makes sense to separate programs into more 
than one file or to combine programs on a page. (See Chapter 10 for details 
on how to organize applications.) 



^tftBE^ As 1 discuss in Chapter 10, keep the information needed to connect to the 
database in a separate file and include it in all the programs that need to 
access the database. Store the file in a secure location, with a misleading 
name. For this application, the following information is stored in a file named 

dogs . i nc: 



<?php 

$user="catal og" ; 
$host=" 1 ocal host" ; 
$password=" " ; 

$database="MerTiberDi rectory" ; 



The member login application has several basic tasks: 



1. Show the storefront page. This provides a link to the login page. 

2. Show a page where customers can fill in a Member ID and a password 
to log in. 

3. Check the Member ID and the password that the customer types 
against the Member ID and password stored in the database. If the ID 

and password are okay, the customer enters the Members Only section. 
If the ID and/or password are not okay, the customer is returned to the 
login page. 

4. Show a page where customers can fill in the information needed to 
obtain a member account. 

5. Check the information the customer typed in for blank fields or incor- 
rect formats. If bad information is found, show the form again so that 
the customer can correct the information. 
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6. When good information is entered, add tlie new member to tlie 
databetse. 
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a welcoming page to the new member. 

The tasks are performed in three programs: 



PetShopFront . php: Shows the storefront page (task 1). 

\^ Log in. php: Performs both the login and create new member account 
tasks (tasks 2-6). 

New_rriernber . php: Shows the page that welcomes the new member 
(task 7). 



Wntinq PetShophont 



The storefront page doesn't need any PHP statements. It simply displays a 
Web page with two links — one link to the Pet Catalog and one link to the 
Members Only section of the Web site. HTML (HyperText Markup Language) 
statements are sufficient to do this. Listing 12-1 shows the HTML file that 
describes the storefront page. 

Listing 1 2-1 : HTML File for the Storefront Page 

<?php 

/* Program: PetShopFrontMembers . php 
* Desc: Displays opening page for Pet Store. 
*/ 

?> 

<htrril> 

<head><title>Pet Store Front Page</ti tl e></head> 
<body topmargi n="0" 1 eftmargi n="0" marginheight="0" 

rTiarginwidth="0"> 
<table width="100%" hei ght=" 100%" border="0" 
cellspacing="0" cellpadding="0"> 

<tr> 

<td al i gn="center" valign="top" height="30" colspan="2"> 
<irrig src=" images/awni ng-top . gi f " al t="awni ng"> 

</td> 
</tr> 
<tr> 

<td al i gn="center" valign="top" colspan="2"> 

<irrig src=" images/Name . gi f" alt="Pet Store") 
</td></tr> 
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Listing 12-1 (continued) 
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idth="80%" al i gn="center"> 
'<p styl e="rriargi n-top : 40pt"> 

<irTig src="irriages/l izard-front.jpg" alt="lizard picture" 

height="186" width="280"> 
<p><h2>Looki ng for a new f ri end?</h2> 
<p>Check out our 

<a href="PetCatal og.php">Pet Catalog. </a> 
<br> We may have just what you're looking for. 
</td> 

<td width="20X" bgcol or="bl ack"> 

<div styl e="col or : white; link: white"> 

<p styl e="text-al i gn : center; font-size: 15pt"> 

<b>Looking for <br>rriore?</b></p> 

<ul> 

<li>special deals? 
<li>pet information? ^ 
<li>good conversation? ■ 
</ul> 

<p styl e="text-al i gn : center">Try the 
<br><a href=" Logi n . php" 

styl e="col or : whi te">Members Only</a> 
<br>section <br>of our store 

<p styl e="text-al i gn : center"><b>It ' s free!</b></p> 
</td> 
</tr> 
</table> 
</body></html> 

Notice the link to the login PHP program. When the customer clicks the link, 
the login page appears. 



Writing Loqin 

The login page (refer to Figure 12-2) is produced by the program Logi n . php, 
as shown in Listing 12-2. The program uses a switch to create two sections: 
one for the login and one for creating a new account. The program creates a 
session that's used in all the Members Only Web pages. The login form itself 
isn't included in this program; it's in a separate file called 1 ogi n_f orm . i nc, 
which is called into this program, whenever the form is needed, by using 
i ncl ude statements. 



Listing 12-2: Login Program 

<?php 

/* Program: Login. php 

* Desc: Login program for the Members Only section of the 

* pet store. It provides two options: (1) login 
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using an existing Login Name and (2) enter a new 
login name. Login Names and passwords are stored 
in a MySQL database. 



sessi on_start( ) ; 
incl ude( "dogs . inc" ) ; 
switch (@$_GET['do']) 



# 9 
#10 
#11 



case " 1 ogi n" : #13 

$connection = mysql_connect ( $host , $user , Spassword ) #14 
or die ("Couldn't connect to server."); 

$db = mysql_sel ect_db( Sdatabase , Sconnection) 

or die ("Couldn't select database."); #17 



$sql 



"SELECT loginName FROM Member 
WHERE 1 ogi nName= ' $_POST[f username] ' " ; 
$result = mysql_query ( $sql ) 

or di e ( "Coul dn ' t execute query.") 
$num = mysql_num_rows ( $resul t ) ; 
if ($num == 1) // login name was found 



$sql 



#20 

#22 
#23 
#24 



"SELECT loginName FROM Member 
WHERE 1 ogi nName= ' $_POST[f username] ' 
AND pas sword=pas sword ( ' $_POST[f password] ' ) " ; 
$result2 = mysql_query ( $sql ) 

or di e( "Coul dn ' t execute query 2."); #30 
$num2 = mysql_num_rows($result2) ; 

if ($num2 > 0) // password is correct #32 
I 

$_SESSION['auth']="yes"; #34 
$1 ogname=$_POST[ 'fusername']; 

$_SESSION['logname'] = Slogname; #36 
$today = date("Y-m-d h:m:s"); #37 
$sql = "INSERT INTO Login ( 1 ogi nName , 1 ogi nTime ) 

VALUES ( ' $logname' , ' $today ' )" ; 
mysql_query ( $sql ) or die("Can't execute query."); 
header( " Locati on : Member_page . php" ) ; #41 



else 



// password is not correct 



unset ( $do ) ; 

$message="The Login Name, ' $_POST[f username] ' 
exists, but you have not entered the 
correct password! Please try 

agai n . <br>" ; 

i ncl ude( " 1 ogi n_f orm .inc"); 



elseif ($num == 0) // login name not found 



#43 
#45 



#49 

#51 
#52 



(continued) 



Part IV: Applications 



Listing 12-2 (continued) 



DBooks 



unset($do) ; 

Smessage = "The Login Name you entered does not 

exist! Please try again. <br>"; 
i ncl ude ( " 1 ogi n_f orm . i nc" ) ; 



break; 

case "new": 

foreach($_POST as $field => $value) 



if ($field != 
{ 

if ($value 



'fax" ) 
__ „„-, 



#54 



#59 

#61 
#62 

#64 

#66 



unset($_GET[ 'do' ] ) ; 

$message_new = "Required information is missing. 

Please try agai n . " ; 
i ncl ude( "1 ogi n_f orm. i nc" ) ; 
exit(); ^ 



if (ereg( " (Name) " ,$fi eld) ) #75 
{ 

/*if ( !ereg("'^[A-Za-z' - ] { 1 , 50 ) $ " , $val ue ) ) 
{ 

unset($_GET['do']); 

$message_new = "$field is not a valid name. 

PI ease try agai n . " ; 
i ncl ude( " 1 ogi n_f orm. i nc" ) ; 
exit( ) ; 
)*/ 

) 

$$field = strip_tags(trim($value) ) ; #86 
) // end foreach 

if ( !ereg("'^[0-9]{5,5)(\-[0-9]|4,4) )?$" ,$zip)) #88 
{ 

unset($_GET[ 'do' ] ) ; 

$message_new = "$zip is not a valid zip code. 

Please try agai n . " ; 
i ncl ude( " 1 ogi n_f orm . i nc" ) ; 
exi t ( ) ; 

) 

if ( !ereg("'^[0-9)(xX -] { 7 , 20 ) $" , $phone ) ) #96 
{ 

unset($_GET[ 'do' ] ) ; 

$message_new = "$phone is not a valid phone number. 

Please try agai n . " ; 
i ncl ude( " 1 ogi n_f orm . i nc" ) ; 
exit( ) ; 
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if ($fax != 



) 



#104 



if ( !ereg("'^[0-9)(xX -] { 7 , 20 ) $" , $f ax) ) 
{ 

unset($_GET['do']); 

$rriessage_new = "$fax is not a valid phone number, 

PI ease try agai n . " ; 
i ncl ude( " 1 ogi n_f orm . i nc" ) ; 
exit( ) ; 



i f ( !ereg( .+@.+\\ . .+$" , Semai 1 ) ) 



#115 



unset($_GET[ 'do' ] ) ; 

$message_new = "Semail is not a valid email address. 

PI ease try agai n . " ; 
i ncl ude( " 1 ogi n_f orm . i nc" ) ; 
exitO ; 

) #122 

/* check to see if login name already exists */ 
$connection = mysql_connect ( $host , $user , $password ) 

or die ("Couldn't connect to server."); 
$db = mysql_sel ect_db( $database , $connection) 

or die ("Couldn't select database."); 
$sql = "SELECT loginName FROM Member 

WHERE 1 ogi nName= ' $newname ' " ; 
$result = mysql_query ( $sql ) 

or di e( "Coul dn ' t execute query."); 
$num = mysql_numrows ( $resul t ) ; 

if ($num > 0) #133 
{ 

unset($_GET[ 'do' ] ) ; 

$message_new = "$newname already used. Select another 

Member ID."; 
i ncl ude( " 1 ogi n_f orm . i nc" ) ; 
exit( ) ; 



el se 



#141 
#143 



$today = date( "Y-m-d" ) ; 
$sql = "INSERT INTO Member ( 1 ogi nName , createDate , 
password, firstNameJastName, street, city, 
state, zip, phone, fax, emai 1 ) VALUES 
('$newname','$today',password('$newpass'), 
' $f i rstName ' , ' $1 astName ' , '$ street ' , ' $ci ty ' , 
'$state' , '$zip' , '$phone' , '$fax' , '$email ' )"; 
mysql_query ( $sql ) ; #150 
$_SESSION['auth']="yes"; #151 
$_SESSION[ ' 1 ogname' ] = $newname; #152 
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/* send email to new member */ #153 

$emess = "A new Member Account has been setup. "; 

$emess.= "Your new Member ID and password are: "; 

$emess .= "\n\n\t$newname\n\t$newpass\n\n" ; 

$emess.= "We appreciate your interest in Pet Store"; 

$emess.= " at PetStore.com. \n\n"; 

$emess.= "If you have any questions or problems,"; 

$emess.= " email webmaster@petstore.com"; 

$ehead=" From : member-desk@petstore . com\r\n" ; #161 

$subj = "Your new Member Account from Pet Store"; 



$mai 1 send=mai 1 ( " $emai 1 " , " $subj " , " $emess" 
header("Location: New_member . php" ) ; 



break; 



tehead" ) ; 

#164 

#166 



def aul t : 

i ncl ude( " 1 ogi n_f orm . i nc" ) 



#168 



?> 



Some of the lines in Listing 12-2 have line numbers at the ends of the lines. 
The following list refers to the line numbers in the listing to discuss the pro- 
gram and how it works: 



9 Starts a session. The session has to be started at the beginning of the 
program, even though the user hasn't logged in yet. 

10 Reads in the file that sets the variables needed to connect to the data- 
base. The program is called dogs . i nc, which is a misleading name that 
seems more secure than calling itmypasswords.inc. 

11 Starts a swi tch statement. The swi tch statement contains three sections, 
based on the value that was passed for do, obtained from the built-in 
array $_GET. The first section runs when the value pair passed for do is 

1 ogi n; the second section runs when the value passed for do is new; and 
the third section is the default that runs if no value was passed for do. 
The third section just creates the login page and only runs when the cus- 
tomer first links to the login page. 

13 Starts the case block for the login section — the section that runs when 
the customer logs in. The login section of the form sends do=l ogi n in 
the URL, which causes this section of the switch statement to run. 

14 Lines 14-17 connect to MySQL and select the database. 

19 Lines 19-22 look in the database table Membe r for a row with the login 
name typed by the customer. 

23 Checks to see whether a row was found with a loginName field contain- 
ing the Member ID typed by the customer $num will equal 0 or 1, depend- 
ing on whether the row was found. 
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DropBook; 



24 Starts an i f block that executes if the Member ID was found. That means 
that the user submitted a Member ID that is in the database. This block 
checks to see whether the password submitted by the user is cor- 
for the given Member ID. This block is documented in more detail in 
the following list: 

26 Lines 26-28 create a query that looks for a row with both the 
Member ID and the password submitted by the customer. Notice 
that the password submitted in the form ($f password) is encrypted 
by using the MySQL function, passworcK ). Passwords in the data- 
base are encrypted, so the password that you're trying to match 
must also be encrypted, or it won't match. 

29 Lines 29-31 execute the query and check whether a match was 
found. $nuni2 equals 1 or 0, depending on whether a row with both 
the Member ID and the password is found. 

32 Starts an i f block that executes if the password is correct. This 
is a successful login. Lines 32-41 are executed, performing the fol- 
lowing tasks: 1) The two session variables, auth and lognanie,are 
stored in the SESSION array. 2) $ today is created with today's date 
and time in the correct format expected by the database table. 3) A 
row for the login is entered into the Login table. 4) The first page of 
the Members Only section is sent to the member. 

43 Starts an el s e block that executes if the password is not correct. 
This is an unsuccessful login. Lines 45-49 are executed, perform- 
ing the following tasks: 1) Unset the form variable $do. This pre- 
vents any confusion later 2) Set the appropriate error message 
into $rriessage.3) Show the login page again. The login page will 
show the error message. 

Notice that the loop starting on line 43 lets the user know when 
they have a real login name but the wrong password. If the security 
of your data is very important, you may want to write this loop dif- 
ferently. Providing that information may be helpful to someone who 
is trying to break in. The cracker now only needs to find the pass- 
word. For more security, just have one condition that gives the 
same error message whenever either the login name or the pass- 
word is incorrect. In this example, 1 prefer to provide the informa- 
tion because it is helpful to the legitimate member (who may not 
remember whether he or she installed an account at all), and I'm 
not protecting any vital information. 

51 Ends the block that executes when the Member ID is found in the 
database. 

52 Starts an i f block that executes when the Member ID is not found in the 
database. This could actually be an el se, instead of an el sei f , but I 
think that it's clearer to humans with the i f condition in the statement. 
This block unsets the form variable $do, creates the appropriate error 
message and also shows the login page again, which includes the error 
message. 
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59 Ends the case block that executes when the customer submits a 
Member ID and password to log in. The login block extends from 



fll^^srts the case block that executes when the customer fills out the form 
to get a new member account. The form sends do = new in the URL, caus- 
ing the program to jump to this section of the switch statement. 

62 Starts aforeach loop that loops through every field in the new member 
form. The loop checks for empty required fields and checks the first and 
last name for acceptable characters. The statements in the loop are docu- 
mented in more detail in the following list: 

64 Checks whether the field is the fax field. The fax field is not 
required. The fax field isn't checked to see whether it is blank 
because it's okay for it to be blank. 

66 Checks whether the field is blank. If it is, the i f block performs 
the following tasks: 1) Unsets $do. 2) Creates an error message 
that explains the problem. 3) Shows the login form again, includ- 
ing the error message. 4) Stops the program and waits for the user 
to submit the form again with the field filled in. 

75 Checks whether the field is the last name or first name field. If so, 
it checks the field format for allowed characters. If any characters 
that are not allowed are found, it performs the following tasks: 
1) Unsets $do. 2) Creates an error message that explains the prob- 
lem. 3) Shows the login form again, including the error message. 
4) Stops the program and waits for the user to submit the form 
again with the correct format. 

86 Trims extra spaces from all the field values after they are checked 
in line 66 to be sure that they aren't blank. Removes any HTML 
tags that are in any of the fields. Creates a variable for each of 
the fields in the following way. Suppose in the first loop of the 
foreach loop, the variable is $ _POST [ 1 ogi nName] = gsmith. 
The foreach loop sets $key=" 1 ogi nName" and $val ue=" gsmi th". 
Therefore, the statement in line 86 is equivalent to 

$1 ogi nName=stri p_tags ( tri m( "gsmi th" ) ). The 
$$key is $1 ogi nName because $key = l ogi nName. 

87 Ends the foreach loop. 

88 Lines 88-122 are a series of i f blocks that check the fields for the cor- 
rect format. If any of the fields checked doesn't have the correct format, 
the block performs the following tasks: 1) Unsets $do. 2) Creates an error 
message that explains the problem. 3) Shows the login form again, includ- 
ing the error message. 4) Stops the program and waits for the user to 
submit the form again with the correct format. 
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124 Lines 124-132 check whether the Member ID submitted by the customer 

is already a 1 ogi nName in the database table Member. The 1 ogi nName 
V ly^'^t be unique. $nurri equals 0 or 1, depending on whether the 
1 nName is found in the database. 



133 Starts an i f block that executes if the 1 ogi nName is already in the data- 
base. The new member cannot be added if the Member ID is not unique. 
The block performs the following tasks: 1) Unsets $do. 2) Creates an 
error message that explains the problem. 3) Shows the login form again, 
including the error message. 4) Stops the program and waits for the user 
to submit the form again with a different Member ID. 

141 Starts an el se block if the 1 ogi nName is nof already in the database. 
This is a successful application for a member account. The block inserts 
a new row in the Member table for the new member account and sends 
an e-mail message to the customer about the new account. The state- 
ments in the block are documented in more detail in the following list: 

143 Sets $today to today's date in the correct format for the 
createDate field in the Member table. 

144 Creates an I NSERT query to add the new member row. Notice that 
the password is encrypted as passworcK ' $newpass ' ) when it is 
entered. This is a security method so that no one who looks in the 
database can see the password. If you're totally sure that no one will 
see the database that shouldn't, encryption isn't really necessary. 

150 Executes the INSERT query. 

151 In lines 151 and 152, the two session variables, $auth and $1 ogname, 
are stored in the SESSION array. 

154 Lines 154-163 send an e-mail to the new member, verifying the 
Member ID and password. Notice that the e-mail message is cre- 
ated in the variable $emess over several lines. It begins in line 154 
and is added to (by using . =) on each line until it finishes on line 
160. This is to make it easier for humans to read — not because 
PHP needs this. Unlike HTML content that ignores extra spaces 
and line ends, extra spaces and other things have an effect on an 
e-mail message. For instance, if 1 created one long message — with 
extra spaces to indent it so that 1 could read it — those spaces 
would show up in the e-mail. So, 1 set the message on several lines 
that 1 can indent for readability in the program. Line 163 uses the 
PHP function mail to send the e-mail message. The mail function 
is documented in Chapter 14. 

164 Sends the customer to the New Member page. 




165 Ends the else block for a successful new member account 
application. 
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1-^ IfiS start 

dBooi^ 



166 Ends the case block for the New Member section of the login page. 

Starts the case block for the default condition. If $do is not set to either 
or "new", the program skips to this block. Because both the 
s on the login page set $do, this block only executes the first time 
this program runs — when the user links to it from the storefront page 
and has not yet submitted either form. This section has only one state- 
ment: a statement that displays the login page. 



This program shows the login page in many places. This is done with include 
statements that call the file 1 ogi n_f orm . i nc. This file includes the HTML 
that produces the login page. The program Logi n . php does nof produce any 
output at all. All the output is produced by 1 ogi n_f orm .inc. This type of 
application organization is discussed in Chapter 10. This is a good example 
of the use of i ncl ude files. Just imagine this program, which is long enough, 
if the statements in 1 ogi n_f orm . i nc, shown in Listing 12-3, were included in 
the Login program at each place where logi n_f orm is included. Whew, that 
would be a mess that only a computer could understand. 



Listing 1 2-3: File That Creates the Login Page 

<?php 

/* File: 1 ogi n_f orm . i nc 

* Desc: Displays login page. Page displays two forms--one 

* form for entering an existing login name and 

* password and another form for the information 

* needed to apply for a new account. 

*/ 

i ncl ude( "f uncti onsl2 . i nc" ) ; # 8 

?> 

<html> 

<head><ti tl e>Members Only Login</titl e></head> 
<body topmargi n="0" 1 eftmargi n="0" marginheight="0" 

marginwidth="0"> 
<table border="0" eel 1 paddi ng = "5" eel 1 spaci ng="0" > 
<tr><td colspan="3" bgcol or="gray " al ign="center"> 
<font col or="whi te" size="+10"> 
<b>Members Only Secti on</b></f ont></td></tr> 

<tr> 

<td width="33%" val i gn="top"> 

<font size="+r'><b>Are you a member?</b></f ont> 
<P> 

<!-- form for customer login --> 
<form acti on=" Logi n . php?do=l ogi n " method = "POST"> 
<table border="0"> 
<?php #25 
if ( i sset ( $message ) ) 
echo "<tr><td col span= ' 2 ' >$message </td></tr>"; 

?> 
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<tr><td align = right><b>LlsernarTie</b></td> 
<td><input type="text" narTie="f username" 

size="20" maxsi ze="20"> 
</td></tr> 

<tr><td width="120" al ign="right"><b>Password</b> 
</td> 

<td><input type="password" narTie="f password" 
size="20" maxsi ze=" 20 "></td></tr> 
<tr><td al ign="center" colspan="2"> 

<br><input type=" submi t" name="log" 
val ue="Enter"> 

</td></tr> 
</table> 
</f orm) 
</td> 

<td width="l" bgcol or="gray"></td> 
<td width = "67°^"> 

<p><font si ze="+l"><b>Not a member yet?</b></f ont> 
Get discounts, a newsletter, advance notice of 
new pets, much more. Fill in the information 
below and join. It's easy and free! </b> 
<!-- form for new member to fill in --> 
<form acti on=" Logi n . php?do=new" method=" POST" > 
<P> 

<table border="0" width="100%"> 
<?php 

if ( i sset( $message_new) ) #55 
echo "<tr><td col span= ' 2 ' ><b>$message_new</b> 
</td></tr>" ; 

?> 

<tr><td al ign="right"><b>Member ID</b></td> 
<td><input type="text" name="newname" 
value="<?php echo @$newname ?>" 
size="20" maxlength="20"></td></tr> 
<tr><td al ign="right"><b>Password</b></td> 
<td><input type="password" name="newpass" 
value="<?php echo @$newpass ?>" 
size="10" maxlength="8"></td></tr> 
<tr><td align="right"><b>First Name</b></td> 
<td><input type="text" name="f i rstName" 

value="<?php echo @$firstName ?>" 
size="40" maxlength="40"></td></tr> 
<tr><td al ign="right"><b>Last Name</b></td> 
<td><input type="text" name=" 1 astName" 

value="<?php echo @$lastName ?>" 
size="40" maxlength="40"></td></tr> 
<tr><td al ign="right"><b>Street</b></td> 
<td><input type="text" name="street" 

value="<?php echo @$street ?>" 
size="55" maxlength="50"></td></tr> 
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Listing 12-3 (continued) 
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<tr><td al ign="right"><b>City</b></td> 
<td><input type="text" name="city" 

value="<?php echo @$city ?>" 
size="40" maxlength="40"></td></tr> 
<tr><td al ign="right"><b>State</b></td> 
<td><select narne="state"> 



<?php 



$stateName=getStateName( ) ; 
$stateCode=getStateCode( ) ; 
for ($n=l;$n<=50;$n++) 



#86 
#87 



$state=$stateNarne[$n] ; 
$scode=$stateCode[$n] ; 
echo "<option val ue= ' $scode ' 
if ($scode== "AL") 

echo " selected"; 
echo ">$state\n"; 



?> 



</sel ect> 

    <b>Zip</b> 

<input type = "text" narTie = "zip" 

value="<?php echo @$zip ?>" 
size = "10" niaxsize="10"> 

</td></tr> 
<tr><td al ign=right><b>Phone</b></td> 
<td><input type="test" nanie="phone" 

value="<?php echo @$phone ?>" 
size="15" maxl ength="20"> 
&nbsp ; &nbsp ; &nbsp ; <b>Fax</b> 
<input type="text" name="fax" 

value="<?php echo @$fax ?>" 
size="15" rTiaxlength="20"></td></tr> 
<tr><td align = right><b>ErTiail Address</b></td> 
<td><input type="test" narTie="eniai 1" 

value = "<?php echo @$ernail ?>" 
si ze="55" maxlength = "67"></td></tr> 
<tr><td> </td> 

<td al ign="center"> 

<input type="subrTii t" 

val ue="BecorTie a Member" ></td> 



</tr> 
</table> 
</f orm> 
</td> 
</tr> 

<tr><td colspan= 
</table> 



'3" bgcolor="gray"> </td></tr> 
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<div al i gn="center"><font size="-l"> 

All comments and suggestions are appreciated. Please 

d comments to <a href="mai lto:webmaster@petstore.com"> 
master@petstore .com</A> </font></div> 
</body></html> 



Notice the following points about 1 ogi n_f orm: 



Most of the statements are HTML, with a few small PHP sections here 
and there. 

The two forms that start on lines 23 and 51 set action to the same pro- 
gram, but add a different string to the URL — do = l ogi n or do = new. 

The error messages are shown on the login page by using small PHP sec- 
tions. Each form has its section, and the message has different names for 
the two forms: $message and $message_new. On line 26, the variable 
$message is tested. If it has a value, the message is shown but is not if 
it has no value. If there was no error in the form, the message was never 
set, and no message is displayed. A similar statement on line 55 shows 
error messages for the new member form. 

A selection drop-down list (started on line 84) is provided for the cus- 
tomer to select the state, guarding against typing errors by the customer 
Notice that lines 86 and 87 call functions. These functions are not PHP 
functions; they're my functions. The functions are included in the pro- 
gram on line 8. The functions make arrays from a list of state names and 
a list of two-letter state codes. By using functions, you don't need the 
two lists of 50 states in the program. The functions can be used repeat- 
edly for many programs . The functionl2.inc file contains the two 
functions as follows: 



<?php 

function getStateCodeC ) 
{ 

SstateCode = array(l=> "AL" 
"AK" , 
"AZ" , 

"WY" ); 

return SstateCode; 

) 



function getStateNameC ) 
{ 

$stateName = array(l=> "Alabama", 
"Al aska" , 
"Ari zona " , 
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"Wyoming" ); 
return SstateName; 



A f 0 r loop then creates 50 options for the select list, using the two state 
arrays. 

After running Logi n . php, if the user is successful with a login, the first page 
of the Members Only section is displayed. If the user is successful in obtain- 
ing a new user account, the New_rriernber .php program is run. 



Writing Neu/jmember 

The New Member Welcome page greets new members by name and provides 
information about their accounts. Members then have the choice of entering 
the Members Only section or returning to the main page. Listing 12-4 shows 
the program that displays the page that new members see. 



Listing 1 2-4: Program That Welcomes New Members 

<?php 

/* Program: New_member . php 

* Desc: Displays the new member welcome page. Greets 

member by name and gives user choice to enter 

* restricted section or go back to main page. 
*/ 

sessi on_start( ) ; #7 

if (@$_SESSION['auth'] != "yes") # 9 

{ 

header("Location: Log in. php"); 
exi t( ) ; 

) 

i ncl ude( "dogs . i nc" ) ; #14 
Sconnection = mysql_connect ( $host , $user , $password ) 

or die ("Couldn't connect to server."); #16 
$db = mysql_sel ect_db( $database , $connection) 

or die ("Couldn't select database."); #18 
$sql = "SELECT f i rstName , 1 astName FROM Member 

WHERE 1 oginName=' I $_SESSION[ ' 1 ogname ' ] ) ' " ; 
Sresult = mysql_query ( $sql ) 

or di e( "Coul dn ' t execute query 1."); 
$row = mysql_f etch_array ( $resul t , MYSQL_ASSOC ) ; 
extract( $row) ; 
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echo "<htrTi1> 

<head><title>New Member Wei corTie</titl e></head> 
<body> 

<h2 al i gn= ' center ' style='rriargin-top: .7in'> 
Welcome SfirstName $1 astName</h2>\n" ; #29 
?> 

<p>Your new Member Account lets you enter the Members Only 
section of our web site. You'll find special discounts and 
bargains, a huge database of animal facts and stories, advice 
from experts, advance notification of new pets for sale, 
a message board where you can talk to other Members, and much 
more . 

<p>Your new Member ID and password were emailed to you. Store 

them carefully for future use.<br> 
<div al ign="center"> 

<p styl e="margi n -top : .5in"><b>Glad you could join us!</b> 
<form acti on="Member_page . php" method="POST"> 
<input type=" submi t" 

value="Enter the Members Only Section") 

</f orm> 

<form action = "PetShopFrontMembers .php" method = "POST"> 

<input type=" submi t" value="Go to Pet Store Main Page"> 
</f orm> 
</div> 

</body></html> 

Notice the following points about N e w_m ember. php: 

A session is started on line 7. This makes the session variables stored in 
Logi n . php available to this program. 

V The program checks, beginning on line 9, whether the customer is logged 
in. $auth is set to yes in Log in. php when the customer successfully 
logs in or creates a new account and stored in the $_SESSION array. If 
$auth doesn't equal yes, the customer isn't logged in. If a customer 
tries to run the New_member . php program without running the Logi n . 
php program first, $_SESSION[auth] won't equal yes, and the user will 
be sent to the login page. 

The program gets the customer's first and last name from the database, 
beginning with the database connection statement on line 15. In line 
19/20, the query is created by using $_SESSION[logname] to search for 
the member's information. The session variable 1 ogname that contains 
the Member ID was set in the login program. 

1/^ The PHP section ends on line 30. The remainder of the program is HTML. 

The program uses two different forms to provide two different submit 
buttons. The form statements on lines 41 and 45 start different programs. 
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The customer controls what happens next. If the customer clicks the button 
to return to the main page, the PetShopFront . php programs runs. If the cus- 
jcks the Members Only Section submit button, the first page of the 
^ Only section is shown. 



U/ritin^ the Members Ontt^ section 

The Web pages in the Members Only section are no different than any other 
Web pages. You just want to restrict them to members who are logged in. To 
do this, you start a session and check whether they're logged in at the top of 
every page. The statements for the top of each program are 

sessi on_start( ) ; 

if (@$_SESSION[ ' auth ' ] != "yes") 
I 

header("Location: Log in. php"); 
exit( ) ; 

} 

When sessi on_st art executes, PHP checks for an existing session. If one 
exists, it sets up the session variables. One of the session variables is $ a u t h . 
When the user logs in, $_S E S S 1 0 N [ a u t h ] is set to y e s . If $_S E S S 1 0 N [ a u t h ] 
doesn't equal yes, the user is not logged in, and the program takes the user 
to the login page. 

Planning far Growth 

The original plan for an application usually includes every wonderful thing 
that the user might want it to do. Realistically, it's usually important to make 
the application available to the users as quickly as possible. Consequently, 
applications usually go public with a subset of the planned functionality. 
More functionality is added later That's why it's important to write your 
application with future growth in mind. 

Looking at the login application in this chapter, I'm sure you can see many 
things that could be added to it. Here are some possibilities: 

E-mail a forgotten password. Users often forget their passwords. Many 
login applications have a link that users can click to have their passwords 
e-mailed to them. 

Change the password. Members might want to change their password. 
The application could offer a form for password changes. 
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I \^ Update information. Members might move or change their phone 
' number or e-mail address. The application could provide a way for 
rfM^fibers to change their own information. 

^0«ite a member list. You might want to output a nicely formatted list 
of all the members in the database. This probably isn't something you 
want to make available to other members but just for yourself. In some 
situations, however, you might want to make the list available to all 
members. 

You can easily add any of these abilities to the application. For instance, you 
can add a button to the login form that reads Forgot my password that e-mails 
the password to the e-mail address in the database. The button can run the 
login program with a section for e-mailing the password or run a different 
program that e-mails the password. In the same manner, you can add buttons 
for changing the password or updating the customer information. You don't 
need to wait until an application has all its bells and whistles to let your cus- 
tomers use it. You can write it one step at a time. 
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In this part . . . 

■ he chapters in this part contain hints, tips, and warn- 
B ings based on my experience. Perhaps they can serve as 

a shortcut for you on your journey to becoming a confident 

Web developer I sincerely hope so. 













Chapter 13 

ngs You Might Want to Do 
Using PHP Functions 



In This Chapter 

^ Finding out about many useful functions 
^ Understanding wfiat functions can do 



■ ^ne of tfie strongest aspects of PHP is its many built-in functions. In this 

chapter, 1 list the PHP functions that 1 use most often. 1 describe some of 
them elsewhere in this book, some 1 only mention in passing, and some 1 don't 
mention at all. These aren't all the functions, by any means. There are many 
hundreds of functions in the PHP language. For a complete list of all the func- 
tions, see the PHP documentation at www . php .net. 



Commumcate u/ith MifSQL 



PHP has many functions designed specifically for interacting with MySQL. 1 
describe the following MySQL functions thoroughly in this book, particularly 
in Chapter 8: 



mysql 


_connect( ) ; 


rTiysql_sel ect_db( ) ; 


mysql 


_f etch_array ( ) 


mysql 


_cl ose( ) ; 


rTiysq1_nuni_rows ( ) ; 


mysql 


_query ( ) 



The following functions could be useful, but I either don't discuss them or 
discuss them only briefly in earlier chapters: 

mysql _i nsert_id( ): For use with an AUTO -INCREMENT MySQL column. 
This function gets the last number inserted into the column. 

1/^ mysql _f etch_row( $resul t ): Gets one row from the temporary results 
location. The row is put into an array with numbers as the keys. It's the 
same as mysql_fetch_array ( $row, MYSQL_NUM). 
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\^ mysql_af f ected_rows ( $resul t ): Returns the number of rows that 
were affected by a query — for instance, the number of rows deleted or 
ated. 



l_nuni_f i el ds ( $resul t ): Returns the number of fields in a result. 



rriysql_f i el d_name( $resul t , N ): Returns the name of the row indi- 
cated by N . For instance, rriysql_field_name($result,l) returns the 
name of the second column in the result. The first column is 0. 

If you use any of the above functions with MySQL 4.1, the function's names 
are slightly different. Rather than beginning with rTiysql_, the function names 
begin with mysql i_. 



Send E-Mail 

PHP provides a function that sends e-mail from your PHP program. The 
format is 

mai 1 {address .subject .message .headers) ; 

These are the values that you need to fill in: 

address: The e-mail address that will receive the message. 

1^ subject: A string that goes on the subject line of the e-mail message. 

/^message: The content that goes inside the e-mail message. 

headers: A string that sets values for headers. For instance, you might 
have a headers string as follows: 

"From: nenber-desk@petstore.con\r\nbcc: non@hercompany.com" 

The header would set the From header to the given e-mail address, plus 
send a blind copy of the e-mail message to mom. 

The following is an example of PHP statements that you can use in your 
script to set up and send an e-mail message: 

$to = " j anet@val ade . corn" ; 
$subj = "Test"; 

$rriess = "This is a test of the mail function"; 
$headers = bcc : techsupportSmycompany . comVrXn 
$mailsend = mai 1 ( $to , $subj , Smess , $headers ) ; 
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Sometimes you might have a problem with your e-mail. PHP has a configura- 
tion setting that must be correct before the mail function can connect to your 
;-mail software. The default is usually correct, but if your e-mail 
jeem to be getting to its destination, check the PHP configuration 
mail setting by looking for the following in the output of phpi nf o( ): 



Sendmail path 


( on 


Unix/Linux) 


SMTP 


( on 


Wi ndows ) 



It might be set incorrectly. You can change the setting by editing the p h p . i ni 
file. Look for the following lines: 

[mail function] 
; For Win32 only. 
SMTP = 1 ocal host 

; For Win32 only. 

sendmai l_f rom = nie@localhost.com 

; For Unix only. J|| 

; sendmai l_path = ^ 

Windows users need to change the first two settings. The first setting is 
where you put the name of your outgoing mail server However you send 
e-mail — LAN at work, a cable modem at home, an ISP via a modem — you 
send your mail with an SMTP server, which has an address that you need to 
know. 

If you send directly from your computer, you should be able to find the name 
of the outgoing mail server that you're using in your e-mail software. For 
instance, in Microsoft Outlook Express, choose ToolsOAccountsOProperties 
and then select the Servers tab. Look for the name of your outgoing mail 
server. If you can't find its name, you can ask your e-mail administrator for 
the name. If you use an ISP, you can ask the ISP. The name is likely to be in a 
format similar to the following: 

mai 1 . i spname . net 

The second setting is the return address that is sent with all your e-mail. 
Change the setting to the e-mail address that you want to use for your return 
address, as follows: 



sendmai l_f rom = Janet@Valade.com 



The third setting is for Unix users. The default is usually correct. If it doesn't 
work, you need to talk to your system administrator about the correct path 
to your outgoing mail server This usually refers to Linux as well. 
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Don't forget to remove the semicolon at the beginning of the lines. The semi- 
colon makes the line into a comment, so the setting isn't active until you 
^^J^^^he semicolon. 



Use PHP Sessions 



The functions to open or close a session follow. 1 explain all these functions 
in Chapter 9. 

sessi on_start( ) ; sessi on_destroy ( ) 



Stop \lour Program 

Sometimes you just want your program to stop, cease, and desist. There are 
two functions for this: exi t ( ) and d i e ( ) . Actually, these are two different 
names for the same function. Exit is probably accurate, but sometimes it's 
just more fun to say die. Both functions will print a message when they stop 
if you provide one. The format is 



exi t ( "message st 


ring"); 










When exit executes 


, the message string is output. 





Handle Arrai^s 

Arrays are very useful in PHP, particularly for getting the results from data- 
base functions and for form variables. 1 explain the following array functions 
elsewhere in the book, mainly in Chapter 7: 

array(); extract(); sort(); asortO; 
rsort(); arsort(); ksort(); krsort(); 

Here are some other useful functions: 

Iu^ array_reverse ( $ varname): Returns an array with the values in reverse 
order 
1^ array_uni que(,%varname): Removes duplicate values from an array. 
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i n_array ( "string" , $ varname): Looks through an array $varname for 
a string "string". 

eival uel ,val ue2): Creates an array containing all the values 
een va 1 uel and va 1 ueZ. For instance, range ( ' a ' , ' z ' ) creates 
an array containing all the letters between a and z. 

expl ode ( "sep" ," stri ng" ): Creates an array of strings in which 
each item is a substring of stri ng, separated sep. For example, 
explode(" ",$string) creates an array in which each word in 
$stri ng is a separate value. This is similar to the split function 
in Perl. 

1^ o6e(" gl ue" ,$a rray): Creates a string containing all the values in 
$array with gl ue between them. For instance, i mpl ode ( " , " , $array ) 
creates a string: valuel, value2, valueS, and so on. This is similar to 
the join function in Perl. 



And there are many more useful array functions. PHP can do almost anything 
you can think of that you want to do with an array. 



Check for Variables 



Sometimes you just need to know whether a variable exists. The following 
functions can be used to test whether a variable is currently set: 


i sset( $i/<3rname) ; 
! i sset ( $ varname ) 
empty ($i/arname) ; 


// true 
; // true 
// true 


if variable is set 

if variable is not set 

if value is 0 or is not se 


t 







Format Values 

Sometimes you need to format the values in variables. In Chapter 6, 1 explain 
how to format numbers into dollar format by using nuniber_f ormat ( ) and 
s p r i n t f ( ) . In Chapter 6, 1 also discuss u n s e t ( ) , which removes the values 
from a variable. In this section, 1 describe additional capabilities of 

spri ntf ( ). 

The function spri ntf ( ) allows you to format any string or number, including 
variable values. The general format is 

$newvar = s\ir^ntf {" format" ,%varnamel ,%varnameZ ,...) ; 



Part V: The Part of Tens 



vaiuei^s ) t 



where format gives instructions for the format and $ varname contains the 
value(s) to be formatted, format can contain both literals and instructions 
tting the values in the $ varname. Actually, the format can contain 
als. The following statement is valid: 



mewvar 



sprintfC'I have a pet"); 



This statement outputs the literal string. However, you can also add vari- 
ables, using the following statements: 

Indogs = 5; 
Incats = 2; 

$newvar = sprintfC'I have %s dogs and %s cats",$ndogs,$ncats); 



The %s is a formatting instruction that tells spri ntf to insert the variable 
value as a string. Thus, the output is I have 5 dogs and 2 cats. The % 
character signals spri ntf that a formatting instruction starts here. The for- 
matting instruction has the following format: 



lpad-w1 dth .dectype 



These are the components of the formatting instructions: 
%\ Signals the start of the formatting instruction. 

pad: A padding character that's used to fill out the number when neces- 
sary. If you don't specify a character, a space is used, pad can be a space, 
a 0, or any character preceded by a single quote ('). For instance, it's 
common to pad numbers with 0 — for example, 01 or 0001. 

- . A symbol meaning to left-justify the characters. If this isn't included, 
the characters are right-justified. 

1^ width: The number of characters to use for the value. If the value doesn't 
fill the width, the padding character is used to pad the value. For instance, 
if the width is 5, the padding character is 0, and the value is 1, the output 

is 00001. 

.dec: The number of decimal places to use for a number 

type: The type of value. Use s for most values. Use f for numbers that 
you want to format with decimal places. 



Some possible spri ntf statements are 



sprintf("I have $%03.2f. Does %s have any ? " , Smoney , Sname ) 
sprintf("%'.-20s%3.2f",$product,$price); 
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$030.00. Does Tom have any? 
30.00 



Compare Strings to Patterns 



In earlier chapters in this book, I use regular expressions as patterns to match 
strings. (I explain regular expressions in Chapter 6.) The following functions 
use regular expressions to find and sometimes replace patterns in strings: 



V ereg( "pattern" , ivarname): Checks whether the pattern is found in 
$varname. eregi is the same function except that it ignores upper- and 
lowercase. 

ereg_repl acei" pattern" ," stri ng" ,$ v am awe): Searches for the 
pattern in $ varname and replaces it with the stri ng. eregi_replace 
is the same function except that it ignores upper- and lowercase. 



Find Out about Strings 



Sometimes you need to know things about a string, such as how long it is or 
whether the first character is an uppercase O. PHP offers many functions for 
checking out your strings: 



strl en ( $varname): Returns the length of the string. 

1^ strpos( "string" , "substring" ): Returns the position in stri ng 
where substri ng begins. For instance, strpos( "hel 1 o" , "el " ) 
returns 1. Remember that the first position for PHP isO. strrposC) 
finds the last position in s t r i n g where substring begins. 

1^ suhstri" stri ng" ,nl ,n2): Returns the substring from stri ng that 
begins at nl and is n2 characters long. For instance, 
substrC hello ",2,2) returns 1 1 . 

1^ strtr ( $ varname ," strl" ," str2" ): Searches through the string 
$varname tor strl and replaces it with s £ every place that it's 
found. 

strrev ( $varname): Returns the string with the characters reversed. 



Many, many more string functions exist. See the documentation at 
www . php . net. 
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uppercase letters to lowercase and vice versa is not so easy. Bless 
PHP for providing functions to do this for you: 

strtol ower( $varname): Changes any uppercase letters in the string to 
lowercase letters 

1/^ strtoupperC ivarname): Changes any lowercase letters in the string to 
uppercase letters 

1/^ ucfir St ($varname): Changes the first letter in the string to uppercase 

1^ ucwords i$ va rname): Changes the first letter of each word in the string 
to uppercase 



I . 
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In This Chapter 

^ Recognizing common PHP errors 
^ Interpreting error messages 



f 

■ guarantee that you will do all the things that I mention in this chapter. It s 

not possible to write programs without making these mistakes. The trick 
is to find out how to recognize them, roll your eyes, say, "Not again," and then 
fix them. One error message that you will see many times is 

Parse error: parse error in c:\test.php on line 7 

This is PHP's way of saying, "Huh?" It means it doesn't understand some- 
thing. This message helpfully points to the file and the line number where 
PHP got confused. Sometimes it's directly pointing at the error, but some- 
times PHP's confusion results from an error earlier in the program. 



Missing Semicotons 

Every PHP statement ends with a semicolon (;). PHP doesn't stop reading a 
statement until it reaches a semicolon. If you leave out the semicolon at the 
end of a line, PHP continues reading the statement on the following line. For 
instance, consider the following statement: 

$test = 1 
echo $test; 

Of course, the statement doesn't make sense to PHP when it reads the two 
lines as one statement, so it complains with an error message, such as the 
annoying 

Parse error: parse error in c:\test.php on line 2 



Before you know it, you'll be writing your home address with semicolons at 
the end of each line. 
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ask whether two values are equal in a comparison statement, you 
need two equal signs (==). Using one equal sign is a common mistake. It's per- 
fectly reasonable because you have been using one equal sign to mean equal 
since the first grade when you discovered that 2 + 2 = 4. This is a difficult mis- 
take to recognize because it doesn't cause an error message. It just makes your 
program do odd things, like infinite loops or if blocks that never execute. I'm 
continually amazed at how long 1 can stare at 

$test = 0; 

while ( $test = 0 ) 

{ 

$test++; 



and not see why it's looping endlessly. 



Misspelled Variable Names 

This is another PHP gotcha that doesn't result in an error message, just odd 
program behavior. If you misspell a variable name, PHP considers it a new 
variable and does what you ask it to do. Here's another clever way to write 
an infinite loop: ^ 

$test =0; - 

while ( $test == 0 ) 

{ 

$Test++; 

) 

Remember: To PHP, $ test is not the same variable as $ Test. 



Missing dollar Siqns 

A missing dollar sign in a variable name is really hard to see, but at least it 
usually results in an error message so that you know where to look for the 
problem. It usually results in the old familiar parse error: 

Parse error: parse error in test.php on line 7 
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ave too many, too few, or the wrong kind of quotes. You have too 
many when you put quotes inside of quotes, such as 

ttest = "<table width = "100°^">" ; 



PHP will see the second double quote (") — before 100 — as the ending 
double quote (") and read the 1 as an instruction, which makes no sense. 
Voila! Another parse error. The line must be either 



$test = "<table wi dth= ' 100% ' >" ; 



or 



$test = "<table width=\"100%\">" ; 



You have too few quotes when you forget to end a quoted string, such as 



$test = "<table wi dth= ' 100% ' > ; 



PHP will continue reading the lines as part of the quoted string until it encoun- 
ters another double quote ("), which might not occur for several lines. This 
is one occasion when the parse error pointing to where PHP got confused is 
not pointing to the actual error. The actual error occurred some lines previ- 
ously, when you forgot to end the string. 

You have the wrong kind of quotes when you use a single quote ( ' ) when you 
meant a double quote (") or vice versa. The difference between single and 
double quotes is sometimes important, and 1 explain it in Chapter 6. 



ln(/i$ibte Output 

Some statements, such as the header statement, must execute before the pro- 
gram produces any output. If you try to use such statements after sending 
output, they fail. The following statements will fail because the header mes- 
sage isn't the first output: 

<htrril> 
<?php 

headerC'Location: http://corTipany.corTi") ; 

?> 



Part V: The Part of Tens 



D Books 

neac 



<html > is not in a PHP section and is therefore sent as HTML output. The fol- 
lowing statements will work: 



derC'Location: http://cornpany.corn") ; 
?> 

<htrTrl> 

The following statements will fail: 

<?php 

headerC'Location: http://corTrpany.corTr") ; 

?> 

<htrrrl> 

because there's one single blank space before the opening PHP tag. The blank 
space is output to the browser, although the resulting Web page looks empty. 
Therefore, the header statement fails because there is output before it. This 
is a common mistake and difficult to spot. 



Numbered Arrai^s 

PHP believes the first value in an array is numbered zero (0). Of course, 
humans tend to believe that lists start with the number one (1). This funda- 
mentally different way of viewing lists results in us humans believing an array 
isn't working correctly when it's working just fine. For instance, consider the 
following statements: 

$test = 1; 

while ( $test <= 3 ) 
I 

$array[] = $test; 
$test++; 

) 

echo $array[3]; 

Nothing is displayed by these statements. I leap to the conclusion that there's 
something wrong with my loop. Actually, it's fine. It just results in the follow- 
ing array: 

$array [0]=1 
$array[l]=2 
$array[2]=3 

And doesn't set anything into $array [3]. 
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Jle is read in using an i ncl ude statement in a PHP section, it seems 
reasonable to me that ttie statements in the file will be treated as PHP state- 
ments. After all, PHP adds the statements to the program at the point where I 
include them. However, PHP doesn't see it my way. If a file named filel . i n c 
contains the following statements: 

if ( $test == 1 ) 
echo "Hi"; 

and 1 read it in with the following statements in my main program: 



<?php 

$test = 1; 
include ("filel. 
?> 


i n c " ) ; 








I expect the word H i to appear on the Web pa 
ally displays this: 


Lge. However, the Web page actu- 


if ( $test == 1 


) echo "Hi 








Clearly, the file that is included is 
f i 1 el . i nc needs to contain the i 


seen as HTML. To send H i to the Web page, 
following statements: 


<?php 

if ( $test == 1 
echo "Hi" 

?> 


) 









Missing Mates 

Parentheses and curly brackets come in pairs and must be used that way. 
Opening with a ( that has no closing ) or a { without a ) will result in an 
error message. One of my favorites is using one closing parenthesis where 
two are needed, as in the following statement: 

if ( isset($test) 

This statement needs a closing parenthesis at the end. It's much more diffi- 
cult to spot that one of your blocks didn't get closed when you have blocks 
inside of blocks inside of blocks. For instance, consider the following. 
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while ( $test < 3 ) 

test2 != "yes" ) 

tests > 4 ) 

echo "go"; 

} 

} 



You can see there are three opening curly brackets and only two closing ones. 
Imagine that 100 lines of code are inside these blocks. It can be difficult to 
spot the problem — especially if you think the last closing bracket is closing 
the while loop, but PHP sees it as closing the i f loop for $ test 2. Somewhere 
later in your program, PHP might be using a closing bracket to close the while 
loop that you aren't even looking at. It can be difficult to trace the problem in 
a large program. 

Indenting blocks makes it easier to see where closing brackets belong. Also, I 
often use comments to keep track of where 1 am, such as 



while ( $test < 3 ) 
{ 

if ( $test2 != "yes" ) 
{ 

if ( $test3 > 4 ) 
{ 

echo "go" ; 

) // closing if block for $test3 
) // closing if block for $test2 
) // closing while block 



Confusing Parentheses and Brackets 

I'm not sure whether this is a problem for everyone or just a problem for me 
because 1 refuse to admit that I can't see as well as 1 used to. Although PHP 
has no trouble distinguishing between parentheses and curly brackets, my 
eyes are not so reliable. Especially while staring at a computer screen at the 
end of a ten-hour programming marathon, 1 can easily confuse ( and { . Using 
the wrong one gets you a parse error message. 
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In this part . . . 

M his part provides instructions for installing MySQL 
P and PHP. Appendix C provides installation and config- 
uration information that could be helpful if you need to 
install Apache. ^ 
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Installing MySQL 




Ithough MySQL runs on many platforms, I describe how to install it on 
r • Linux, Unix, Windows, and Mac, which together account for the major- 
ity of Web sites on the Internet. Be sure to read the instructions all the way 
through before beginning the installation. 

MySQL can be installed most easily from binaries — precompiled, ready-to- 
install packages. Binaries are available for most operating systems: Linux, 
Windows, Mac, FreeBSD, many flavors of Unix, and others. If such a package 
is available for your operating system, use it. Only install MySQL from source 
if it's totally necessary, such as when there's no binary for your operating 
system or you need some functionality that's not compiled into the binaries 
(for example, a different character set). 

If you have trouble starting the MySQL server after installing it, check the 
error log for useful information. The error log is located in the data directory 
and has the extension .err. 



In most cases, when you download and install MySQL, the server is started 
automatically. If it isn't or if you need to stop and start it for another reason, 
you can start it manually using the Wi nMy SQ Ladmi n utility that is installed 
with MySQL, as 1 describe in the upcoming section, "Starting the MySQL 
server." You can also use WinMySQLadmin to set up MySQL so that it starts 
every time your computer starts. 
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MySQL on Windows, follow these steps: 



1. Point your Web browser to www. mysql . com, the MySQL home page. 

2. Click the Production version number link. 

Look for the section under the heading Database Server. As of this writ- 
ing, the production release is 4.0.17. 

MySQL 4.0.x is supported by PHP 4 or 5. Support for MySQL 4.1.x is pro- 
vided beginning with PHP 5. 

3. Scroll down the screen until you come to the Windows Downloads 
heading. 

4. Click the download link for the Windows binary labeled Windows 95/ 
98/NT/2000/XP/2003 . This binary includes an installer. 

A dialog box opens. 

5. Select the option to save the Hie. 

A dialog box opens that lets you select where you want the file saved. 

6. Navigate to where you want to save the file (for example, 
c : Xdownl oads). Then click Save. 

After the download, you see a Zip file in the download location (for 
example, c : \downl oads) containing the MySQL files. The file is named 
mysql-, followed by the version number and - w i n . z i p — for instance, 
mysql - 4.0.17-win.zip. 

7. Use your favorite Zip utility to unzip the files and save them in a tem- 
porary location (for example, c : \downl oadsXmysql). 

Two popular Zip utilities are PKZIP at www . pkwa re .com and WinZip at 

www .wi nzi p . com. 

8. Navigate to the temporary directory where the unzipped files are 
stored. Then double-click setup, exe. 

Note: If you're installing from a Windows NT/2000/XP system, be sure 
that you're logged into an account with administrative privileges. 

The opening screen shown in Figure A-1 is displayed. 

9. Click Next. 

The license is displayed. 
10. Click the 1 Agree button to continue. 

You see a screen showing the directory where MySQL will be installed. 
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Figure A-1: 

The opening 
screen of 
the MySQL 
setup 
program. 



tm I Welcome to the MySQL Servers and Clients 3 23.44 
Setup program. This program will install MySQL 
" Servers and Clients 3.23.44 on your computer. 



It is strongly recommended that you exit all Windows programs 
before running this Setup program. 



CNck Cancel to quit Setup and then close any programs you 
have running. Click Next to continue with the Setup program. 



WARNING: This program is protected by copyright law and 
international treaties. 

Unauthorized reproduction or distribution of this program, or any 
portion of it. may lesult in severe civil and criminal penalties, and 
will be prosecuted to the maximum extent possible under law. 



1 1. If you want to install MySQL in the default directory, c : \mys ql , click 
Next. If you want to install MySQL in a different directory, click Browse, 
select a directory, and click OK; then click Next. 

You see a screen in which you can choose the type of installation. 

12. Select Typical and then click Next. 

The installation of MySQL begins. A message appears when the installa- 
tion is complete. 

The server might or might not have been started during installation. If it is 
running, you should see a traffic signal in your system tray (bottom of your 
screen) with a green light showing. If it isn't running, check out the next 
section. 



Starting the Mt^SQL seri/er 

You can start and stop your server manually, although you're more likely to 
want the MySQL server to be running whenever your computer is running. To 
see how to set up MySQL so that it starts when the computer boots up, see 
the next section. 
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On Windou;s 98/Me 

can start and stop your server with WinMySQLadmin, a program that 
lied with MySQL. The WinMySQLadmin program is responsible for 
'g the traffic signal in your system tray. If the traffic signal is displayed, 
WinMySQL is running. If the traffic signal is not in your tray, you need to start 
WinMySQLadmin. 



If WinMySQLadmin is not running, you might be able to start it from your 
Startup menu: Choose Start'i>Programs'=^StartupC> WinMySQLadmin. If you 
can't find it on your Startup menu, use Windows Explorer to navigate to the 
bin directory in the directory where MySQL is installed (for example, c : \ 
mysql \ bi n) and double-click WinMySQLadmin. When it's started, you should 
be able to see the traffic signal in your system tray. 

To start or stop the MySQL server by using WinMySQLadmin, follow these 
steps: 

1. Right-click the traffic signal in your system tray. 
You see a short menu. 

2. Select your operating system: Windows 9x. 

3. To start or stop, click either Start the Server or Stop the Server. 

4. Exit WinMySQLadmin by right-clicking in the WinMySQLadmin 
window and then clicking Hide Me. 



On Windou;s m/2000/KP ■ 

You can start your MySQL server directly by navigating to the b i n subdirec- 
tory in the directory where MySQL is installed (such as c : \ rnysql \ bi n) and 
then double-clicking the file mysql d . exe. 

The above procedure might not work if the WinMySQLadmin program isn't 
running (if there is no traffic signal on your system tray). In this case, you can 
either start the WinMySQL program by double-clicking it or start the MySQL 
server with a DOS Window console. If you are having problems, it is often 
useful to start the server with a console because some helpful error mes- 
sages will be displayed. 



To start the MySQL server with a console, follow these steps: 



1. Open a command prompt window. 

For instance, choose StartOProgramsOAccessoriesOCommand Prompt. 

2. Change to the bin directory for MySQL. 



For instance, CD c:\niysql\bin. 
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3. Type mysqld — console. 
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A message is displayed telling you that the server started. The window 
ains open and ready to receive any more messages from the server, 
close the window. 



You might be able to stop the server using Wi nMySQLadmi n if it is running 
by right clicking the traffic signal, selecting Win NT from the menu displayed, 
and then clicking Stop the Server If this doesn't work, you can use the follow- 
ing steps: 

1. Open a command prompt window. 

For instance, choose StartOProgramsOAccessoriesOCommand Prompt. 

2. Change to the bin directory for MySQL. 

For instance, CD c:\rriysql\bin. 

3. Type mysqladmin -u root -p shutdown. j 

The - u is followed by an account name — in this case, root, which 
was installed when MySQL was installed. If you use the - p, you will be 
prompted for a password. Unless you installed a password, you shouldn't 
need one, so leave out the - p. 



Setting up the seri/er to start When the 
computer starts ■ 

In most cases, you want to set up your MySQL server so that it is running 
whenever your computer is running. 

On WindovUs 98/Me 

If you want to set up your MySQL server so that it starts every time your 
computer starts, start Wi nMySQLadmi n as 1 describe in the previous section 
and then follow these steps: 

1. Click the my.ini Setup tab. 

2. Click Create ShortCut on Start Menu in the bottom-left corner of the 
screen. 

3. Exit WinMySQLadmin by right-clicking in the WinMySQLadmin 
window and then choosing Hide Me. 

On WindovUs m/2000/XP 

To set up the MySQL server so that it starts every time the computer boots, 
set it up as a service. The installation procedure might have set it up as a ser- 
vice. You can check whether MySQL is a service as follows: 
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1. Open the services window at StartOSettingsOControl PanelO 
Administrative Tools->Services. 



DBooks 

2. Scro 



ndow showing a list of all the services opens. 

Scroll down the list to see whether MySQL is listed. 

If it is not, it is not set up as a service. See how to set it up as a service 
later in this section. 

3. Select the Startup Type. 

It should say Automatic. If it doesn't, do the following: 

1. Right click the entry for MySQL. 

2. Choose Properties from the menu that is displayed. 

3. Select Automatic from the Startup Type drop-down list in the 
middle of the window. 

4. Click OK. 

If MySQL was not shown in the list of services, you can set it up as a service 
as follows: 

1. Open a command prompt window. 

For instance, choose StartOProgramsOAccessoriesOCommand Prompt. 

2. Change to the bin directory for MySQL. 

For instance, CD c:\niysql\bin. 

3. Type mysqld — install. 

A message is displayed telling you the service was successfully installed. 

If you need to remove the MySQL server from the services list, such as when 
you are about to upgrade to a newer version, follow the steps 1 and 2 above. 
For step 3, type mysqld — remove. 



On LinuK/UniK 



UsinqRPM (LimKontt^) 

MySQL can be installed on Linux using RPM. Although RPM stands for Red Hat 
Package Manager, RPM is available on most flavors of Linux, not just Red Hat. 
Using RPM is the easiest way to install on Linux. If installing from an RPM file 
doesn't work for you, try using a ready-to-install package called a binary, 
which is also easy to install; for installation instructions, see the section. 
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"From binary files." If neitfier of tfiese metfiods works for you, you can always 
install MySQL from source files. To do this, follow the instructions in the sec- 
m source files." 



You can download the RPM file using the following instructions. However, the 
RPM file might already be on the CD that your Linux operating system came on. 
Installing the RPM file from a CD saves you the trouble of downloading (you 
can skip Steps 1-9 in the following list), but if the version of MySQL on your 
CD is not the most recent, you might want to download an RPM file anyway. 



To install MySQL on Linux from an RPM file, follow these steps: 



1. Point your Web browser to www. mysql . com, the MySQL home page. 

2. Click the Production version number link. 

Look in the list on the right side of the screen, labeled MySQL Products. 
Look for the section under the heading Database Server. As of this writ- 
ing, the production release is 4.0.17. 

3. Scroll down the screen until you come to the Linux x86 RPM 
Downloads heading. 

This section lists several downloads for Linux. 

4. Click the download link for the standard server. This should be the 
first entry. 

A dialog box opens. ■ 

5. Select the option to save the Hie. 

A box opens that lets you select where you want to save the file. 

6. Navigate to where you want to save the RPM (for example, / usr/src/ 
mysql). Then click Save. 

7. Repeat Steps 5-7 to download the RPM file for Client Programs into 
the same download location. 

8. Change to the directory where you saved the download. 

For instance, type cd /usr/src/mysql . You see two files in the 
directory — one file named MySQL-server-, followed by the version 
number and . i 386 . rpm, and a second file named similarly with cl i ent 
embedded in its name. For example: MySQL-4 . 0 . 15-0 . i 386 . rpm and 

MySQL-client-4. 0.15 -0.1386. rpm. 

9. Install the RPM by entering this command: 

rpm -i 1 i stof packages 

For instance, using the example in Step 10, the command would be this: 

rpm -i MySQL-server-4 . 0 . 17 -0 . i 386 . rpm MySQL-cl i ent- 
4. 0.17-0. 1386. rpm 
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This command installs the MySQL packages. It sets the MySQL account 
and group name that you need, and creates the data directory at /va r/ 
/mysql . It also starts the MySQL server and creates the appropriate 
lies in /etc/red so that MySQL starts automatically whenever your 
computer starts. 



You need to be using an account that has permissions to successfully 
run the rpm command, such as a root account. 

10. To test that MySQL is running okay, type this: 

bi n/mysql admi n --version 

You should see the version number of your MySQL server. 



From binari^ files 

Ready-to-use, compiled binary files are available for several flavors of Linux 
and Unix. If none of the flavors work for your Linux/Unix machine, you can 
install MySQL from source files, but it's better to use a binary if at all possi- 
ble. As of this writing, MySQL binary files were available for the following fla- 
vors of Unix, but more could be made available at any time: 

Solaris 
1^ HP-UX 
1^ MX 
i^SCO 
SGI Irix 
Dec OSF 
1^ QNX 
1^ BSDi 
1^ OpenBSD 
1^ FreeBSD 

To install a binary file version of MySQL on Linux or Unix, follow these steps: 

1. Point your Web browser to www. mysql . com, the MySQL home page. 

2. Click the Production version number link. 

Look in the list on the right side of the screen, labeled MySQL Products. 
Look for the section under the heading Database Server. As of this writ- 
ing, the production release is 4.0.17. 



I . 
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3. Scroll down the screen until you come to the heading for Linux or for 
your version of Unix (for example, Solaris Downloads). 



4. Locate the correct package for your version of operating system. 

For Linux, you probably want the Intel libc6 binary version. For Unix, 
select the correct version of the Unix system — for example, Solaris 9 
(SPARC, 64-bit). 

5. Click the download link for the standard version for your operating 
system. 

A dialog box opens. 

6. Select the option to save the Hie. 

A box opens that lets you select where you want to save the file. 

7. Navigate to where you want to install MySQL. Then click Save. 

The standard location is/usr/local; it's best to use this location if 
possible. 

8. After the download is complete, change to the download directory — 
for instance, cd /usr/local. 

You see a file named mysql - , followed by the version number, the name 
of the operating system, and .tar.gz — for instance, rriysql-4.0.17- 
sun-solaris2.9-sparc.64bit-tar.gz. This file is a tarball. 

9. Create a user and group ID for MySQL to run under by using these 
commands: 

groupadd mysql 
useradd -g mysql mysql 

The syntax for the commands might differ slightly on different versions 
of Unix, or they might be called adduser and addgroup. 

Note: You must be using an account that is authorized to add users and 
groups. 

10. Unpack the tarball by typing this: 

gunzip -c filename \ tar -xvf - 

For example: 

gunzip -c mysql -4.0. 17-sun-sol ari s2.9-sparc-64bit. tar .gz | tar -xvf - 

Note: You must be using an account that is allowed to create files in 

/usr/1 oca 1 . 




section lists several downloads for that operating system. 



Part VI: Appendixes 



DropBook^ 



11. Create a link to the new directory so that you can refer to it by a 
shorter name, rather than its current, difficult-to-type name. Type 
.following: 



s newdi rectoryname mysql 



For example: 

In -s mysql -4 . 0 . 17 -sun -sol ari s2 . 9-sparc-64bi t mysql 

Now you can refer to the directory as mysql , instead of by its long name. 

1 2. Change to the new directory by typing c d my s q 1 . 

You should see several subdirectories, including / bin and /scri pts. 

13. Add the path to the bin directory (for example, /usr/l ocal /mysql / 
bi n) to your system path so that the MySQL programs can be accessed 
by any programs that need to access MySQL. 

You should do this by editing the file that sets the system variables 
when your computer starts up. 

14. Type the following: 

scri pts /mysql _i nstal l_db 

This command runs a script that initializes your MySQL databases. 

15. Make sure that the ownership and group membership of your MySQL 
directories are correct. Set the ownership with these commands: 

chown -R root /us r/1 ocal /mysql 
chown -R mysql /usr/l ocal /mysql /data 
chgrp -R mysql /usr/l ocal /mysql 

These commands make root the owner of all the MySQL directories 
except data and make mysql the owner of data. All MySQL directories 
belong to group mysql . 

16. Set up your computer so that MySQL starts automatically when your 
machine starts by copying the file mysql . server from /usr/l ocal / 
mysql/support files to the location where your system has its 
startup files. 

17. To test MySQL, you can start your server manually, without restarting 
your computer, by typing the following: 

bi n/safe_mysql d --user=mysql & 

18. To test that MySQL is running okay, type 

bi n/mysql admi n --version 

You should see the version number of your MySQL server 
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u decide to install MySQL from source files, check for binary files for 
rating system. MySQL binary files are precompiled, ready-to-install 
packages for installing MySQL. MySQL binary files are very convenient and 
reliable. 



You install MySQL by downloading source files, compiling the source files, 
and installing the compiled programs. This process sounds terribly technical 
and daunting, but it's not. Read all the way through the following steps before 
you begin the installation procedure. 

To install MySQL from source code, follow these steps: 

1. Point your Web browser to www . mysql . com, the MySQL home page. 

2. Click the Production version number link. 

Look in the list on the right side of the screen, labeled MySQL Products. 
Look for the section under the Database Server heading. As of this writ- 
ing, the production release is 4.0.17. 

3. Scroll to the bottom of the screen to the Source Downloads heading. 

This section lists several downloads. 

4. Locate the tarball version and click the download link next to it. 
A dialog box opens. 

5. Select the option to save the file. 

A box opens that lets you select where the file will be saved. 

6. Navigate to where you want to install MySQL and then click Save. 

The standard location is / usr/1 ocal . It is best to use the standard loca- 
tion if possible. 

7. After the download is complete, change to the download directory — 
for instance, cd /usr/l ocal . 

You see a file named mysql - , followed by the version number and 
. tar . gz. — for instance, mysql-4.0.17.tar.gz. This file is a tarball. 

8. Create a user and group ID for MySQL to run under by using the fol- 
lowing commands: 

groupadd mysql 
useradd -g mysql mysql 

The syntax for the commands might differ slightly on different versions 
of Unix, or they might be called adduser and addgroup. 

Note: You must be using an account that is authorized to add users and 
groups. 
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9. Unpack the tarball by typing 

gunzip -c filename \ tar -xvf 



xample: 

gunzip -c mysql -3 . 23 .44 . tar . gz | tar -xvf - 

You see a new directory named mysql version — for instance, 
mysql -4.0.15. 

You must be using an account that is allowed to create files in 

/usr/1 oca 1 . 

10. Change to the new directory. 

For instance, type cd mysql -4. 0 . 17. 

11. Type the following: 

./configure -- pref i x= /usr/1 oca 1 /mysql 

You see several lines of output. The output will tell you when configure 
is done. This might take some time. 

12. Type make. 

You see many lines of output. The output will tell you when make is 
done, ma ke might run for some time. 

13. Type make install. g 
make i nstal 1 will finish quickly. 

Note: You might need to run this command as root. 

14. Type the following: 

scri pts/mysql_i nstal l_db . 

This command runs a script that initializes your MySQL databases. 

15. Malce sure that the ownership and group membership of your MySQL 
directories are correct. Set the ownership with these commands: 

chown -R root /usr/1 ocal /mysql 
chown -R mysql /usr/1 ocal /mysql /data 
chgrp -R mysql /usr/1 ocal /mysql 

These commands make root the owner of all the MySQL directories 
except data and make mysql the owner of data. All MySQL directories 
belong to group mysql . 

16. Set up your computer so that MySQL starts automatically when your 
machine starts by copying the file mysql . server from /usr/1 ocal / 
mysql/support files to the location where your system has its 
startup files. 
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17. To test MySQL, you can start your server manually, without restarting 
your computer, by typing the following: 



'n/saf e_rTiysql d --user=rTiysql & 



18. To test that MySQL is running okay, type: 

bi n/mysql admi n --version 

You should see the version number of your MySQL server 



On Mac 

You can download MySQL using a Mac OS X 10.2 (Jaguar) PKG binary package. 
If your operating system is OS X 10.1 or earlier, you can't use this package. 
You will need to download a tarball and install MySQL from source code, as 
described in the previous section. 



1. Point your Web browser to www. mysql . com, the MySQL home page. 

2. elicit the Production version number linlt. 

Look in the list on the right side of the screen, labeled MySQL Products. 
Look for the section under the heading Database Server. As of this writ- 
ing, the production release is 4.0.17. 

3. Scroll down the screen to find the section with the heading Mac OS 
Paclcage Installer Downloads. 

This section lists several downloads. 

4. Locate the standard version and then click the download link next to it. 
A dialog box opens. 

5. Select the option to save the file. 

A box opens that lets you select where the file will be saved. 

6. Navigate to where you want to install MySQL and then click Save. 

The standard location is /usr/l ocal . It is best to use the standard loca- 
tion if possible. 

7. After the download is complete, change to the download director — 
for instance, / usr/l ocal. 

You see a package named mysql - standard, followed by the version 
number and dmg, such as mysql -standard-4 . 0.17. dmg. If the down- 
loaded file does not have the extension .dmg, change the filename to 
give it the .dmg extension. 
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Create a user and a group named mysql for MySQL to run under. In 

most newer Mac versions, this user and group already exist. 



dnt the disk image by double-clicking its icon in the Finder. 

Double-click the package icon to install the MySQL PKG. 

The package installer will run and install the package. It installs MySQL 
in the directory /usr/local/mysql-, followed by the version number. It 
also installs a symbolic link / u s r / 1 o c a 1 / my s q 1 / pointing to the direc- 
tory where MySQL is installed. It also initializes the database by running 
the script rnysql_i nstal l_db, which creates a MySQL account called 
root. 

11. You might need to change the owner of the mysql directory. 

The directory where MySQL is installed (for example, / usr/local/ 
mysql -4 . 0 . 1 7) should be owned by root. The data directory (such as, 
/usr/local/ my sql-4.0.17/dat a) should be owned by the account 
mysql . Both directories should belong to the group mysql . If the user 
and group are not correct, change them with the following commands: 

sudo chown -R root /usr/1 ocal /mysql -4 . 0 . 17 

sudo chown -R mysql /usr/1 ocal /mysql -4 . 0 . 17/data 

sudo chown -R root /usr/1 ocal /mysql -4 . 0 . 17/bi n 

12. Start the MySQL server using the following commands: 



cd /usr/local/mysql 
sudo . /bi n/mysql d_saf( 
if necessary, enter yi 
Press Ctrl -Z 
bg 

Press Ctrl -D or type i 


our passwo 
exi t 


rd 





This starts the server manually, meaning you must start the MySQL 
server every time you restart your computer. To have your server start 
every time the computer is started, you need to install the MySQL 
Startup Item, which is included in the installation disk image in a sepa- 
rate installation package. To install the Startup Item, double-click the 
MySQLStartupltem.pkg icon. 

To stop the MySQL server, change to the b i n subdirectory in the directory 
where MySQL is installed and type 

mysqladmin -u root -p shutdown 

The -p causes mysql a dm i n to prompt you for a password. If the account 
doesn't require a password, don't include p. 
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ads a configuration file when it starts up. If you use the defaults or 
an installer, you probably don't need to add anything to the configuration file. 
However, if you install MySQL in a nonstandard location or want the databases 
to be stored somewhere other than the default, you might need to edit the 
configuration file. 



The file is named my . i n i or my . cn f . It's located in your system directory 
(such as WINNT) if you are using Windows and in / etc on Linux/Unix/Mac. 
The file looks something like the following: 



[mysql d] 

basedi r=D : /mysql 4 
datadi r=D: /mysql 4 /data 
#port=3306 



The basedi r line tells the MySQL server where MySQL is installed. The 
datadi r line tells the server where the databases are located. The # at the 
beginning of the last line makes the line inactive. You could remove the # and 
change the port number to tell the server to listen for database queries on a 
different port. 
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Ithough PHP runs on many platforms, I describe installing it on 
r » Unix/Linux/ Mac and Windows, which includes the majority of Web sites 
on the Internet. PHP runs with several Web servers, but these instructions 
focus mainly on Apache and Internet Information Servers (IIS) because 
together they power almost 90 percent of the Web sites on the Internet. If you 
need instructions for other operating systems or Web servers, see the PHP 
Web site (www .php.net). 

This section provides installation instructions for PHP 5. If you're installing 
an earlier version, there are some small differences, so read the file 
i nstal 1 . txt provided with the PHP distribution. 

hstattirtq PHP on Unix/Linux/Mac 
Apache i - 

On UniK/LinuK 

You can install PHP as an Apache module or as a stand-alone interpreter If 
you're using PHP as a scripting language in Web pages to interact with a data- 
base, install PHP as an Apache module. PHP is faster and more secure as a 
module. I don't discuss PHP as a stand-alone interpreter in this book. 

You install PHP by downloading source files, compiling these files, and 
installing the compiled programs. This process isn't as technical and daunt- 
ing as it sounds. 1 provide step-by-step instructions in the next few sections. 
Read all the way through the steps before you begin the installation 
procedure. 

For Linux users only: PHP for Linux is available in an RPM as well as in 
source files. It might be in RPM format on your distribution CD. However, 
when you install PHP from an RPM, you can't control the options that PHP is 
installed with. For instance, you need to install PHP with MySQL support 
enabled, but the RPM may not have MySQL support enabled. MySQL is 
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popular, so many RPMs enable support for it, but it is out of your control. 
Also, an RPM usually enables all the most popular options, so an RPM might 
tions that you don't need. Consequently, the simplest and most effi- 
to install PHP could be from the source. If you're familiar with 
RPMs, feel free to find an RPM and install it. RPMs are available. However, 1 
am providing steps for source code installation, not RPMs. 



Before instattinq 

Before beginning to install PHP, check the following: 

The Apache module mod_so is installed. It usually is. To display a list 
of all the modules, type the following: 

httpd -1 . 

You might have to be in the directory where httpd is located before 
the command will work. The output usually shows a long list of modules. 
All you need to be concerned with for PHP is mod^so. If niod_so is not 
loaded. Apache must be reinstalled using the enabl e modul e=so option. 

The apxs utility is installed, apxs is installed when Apache is installed. 
You should be able to find a file called apxs. If Apache were installed on 
Linux from an RPM, apxs might not have been installed. Some RPMs for 
Apache consist of two RPMs: one for the basic Apache server and one 
for Apache development tools. Possibly the RPM with the development 
tools, which installs apxs, needs to be installed. 

1^ Apache version is recent. See Appendix C for information about Apache 
versions. 

To check the version, type the following: 

httpd --V 

You might have to be in the directory where httpd is located before the 
command will work. 

instaUing 

To install PHP on Unix/Linux with an Apache Web server, follow these steps: 

1. Point your Web browser to www . php . net, the PHP home page. 

2. Click Downloads. 

3. Click the latest version of the PHP source code, which is version 5.0.0 
as of this writing. 

The file you are about to download contains many files compressed into 
one file — a tarball. 

A dialog box opens. 
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4. Select the option to save the file. 

A dialog box opens that lets you select where the file will be saved. 




jigate to where you want to save the source code (for example, 
/ us r/s rc). Then click Save. 

After the download, change to the download directory (for instance, 

cd/usr/src). 

You see a file named p h p - , followed by the version name and t a r . g z . 
Unpack the tarball. The command for PHP version 5.0.0 is 

gunzip -c php-5 . 0 . 0 . tar . gz | tar -xf - 
A new directory called php-5. 0.0 is created with several subdirectories. 



Change to the new directory that was created when you ui 
tarball. For example: 


ipacked the 


cd php-5. 0.0 






Type the configure command. 

Use one of the two following configure 


commands: 




./configure - -wi th -mysql =DI R --v 
./configure - -wi th -mysql i =DI R -- 


vi th -apxs 
-with-apxs 




Use mysql if you're using MySQL 4.0 or earlier; use mysql i if you're 
using MySQL 4.1 or later DI R is the path to the appropriate MySQL 
directory. When using w i t h - my s q 1 , use the path to the directory where 
mysql is installed, for instance: 


--with-mysql=/user/loc 


:al /mysql 





When using w i t h - my s q 1 i , use the path to the file named my s q 1 _ 
conf i g. 

If you're using Apache 2, use the option wi th - apxs2. (See Appendix C 
for information on using Apache 2.) 

You will see many lines of output. Wait until the configure command has 
completed. This might take a few minutes. If the configure command 
fails, it provides an informative message. Usually, the problem is missing 
software. You see an error message indicating that xyz software can't be 
found or that xyz version 5.6 is required but xyz version 4.2 is found. You 
need to install or update the software that PHP needs. 

If the apxs utility isn't installed in the expected location, you see an 
error message indicating that apxs couldn't be found. If you get this 
message, check the location where apxs is installed (f i nd / name 
apxs) and include the path in the wi th apxs option of the configure 
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command: -with-apxs=/usr/sbin/apxs or /usr/local /apache/ 
bi n/apxs. If you're using Apache 2, the option is-with-apxs2=/usr/ 

DropBoQte: 

You will see many lines of output. Wait until it is finished. This might 
take a few minutes. 

11. Type make install. 



On Mac OSX 

With the release of PHP 4.3, you can install PHP on Mac OS X as easily as on 
Unix/Linux. You install PHP by downloading source files, compiling the 
source files, and installing the compiled programs. This process isn't as tech- 
nical and daunting as it might appear 1 provide step-by-step instructions in 
the next few sections. Read all the way through the steps before you begin 
the installation procedure to be sure that you understand it all clearly and 
have everything prepared so you don't have to stop in the middle of the 
installation. 

Before instatCmg 

If you want to use PHP with Apache for your Web site, Apache must be 
installed. Most Mac OS X systems come with Apache already installed. For 
more information on Apache, see Appendix C. 

Before beginning to install PHP, check the following: 

The Apache version is recent: See Appendix C for a discussion of 
Apache versions. To check the version, type the following on the com- 
mand line: 

httpd --V 

You might have to be in the directory where httpd is located before the 
command will work. 

As of this writing, PHP with Apache 2 is still considered experimental. 
For use on production Web sites, it might be better to use Apache 1.3 
than Apache 2. See Appendix C for a discussion of Apache versions. 
Keep updated on the status of PHP with Apache 2 by checking the PHP 
Web site at www .php.net/nianual/en/install.apache2.php. 

The Apache module mod_so is installed. It usually is. To display a list of 
all the modules, type the following: 

httpd -1 . 
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You might have to be in the directory where httpd is located before the 
command will work. The output usually shows a long list of modules. All 
need to be concerned with for PHP is rnod_so. If mod_so is not 
ed, Apache must be reinstalled. 



The apxs utility is installed, apxs is normally installed when Apache is 
installed. To determine whether it's installed on your computer, you 
should look for a file called apxs, usually in the / usr/sbin/apxs direc- 
tory. If you can find the file, apxs is installed; if not, it's not. 

The files from the Developer's Tools CD are installed. This CD is sup- 
plemental to the main Mac OS X distribution. If you can't find the CD, 
you can download the tools from the Apple Developer Connection Web 
site atdeveloper.apple.com/tools/macosxtools.html. 



lnstattin0 

To install PHP on Mac, follow these steps: 



1. Point your Web browser to www .php.net, which is the PHP home 
page. 

2. Click Downloads. 

3. Click the latest version of the PHP source code, which is version 5.0.0 
as of this writing. 

A dialog box opens. 

4. Select the option to save the Hie. 

A dialog box opens that lets you select where the file is to be saved. 

5. Navigate to where you want to save the source code (for example, 
/ us r / s rc), and then click Save. 

6. After the download, change to the download directory (for example, 

cd/usr/src). 

You see a file named p h p - , followed by the version name and t a r . g z . 
This file is contains several files compressed into one file. The file might 
have been unpacked by the Stufflt Expander automatically so that you 
see the directory p h p - 5 . 0 . 0 . If so, skip to Step 8. 

7. Unpack the tarball. 

The command to unpack the tarball for PHP version 5.0.0 is 

tar xvfz php-5 . 0 . 0 . tar . gz 
A new directory called php-5. 0.0 is created with several subdirectories. 
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8. Change to the new directory that was created when you unpacked the 
tarball. 



look! 



^example, you can use a command like the following: 

cU php-5.0.0 

9. Type the conf i gure command: 

The configure command consists of ./configure followed by all the 
necessary options. The minimum set of options is as follows: 

• Location options: Because the Mac stores files in different loca- 
tions than the PHP default locations, you need to tell PHP where 
files are located. Use the following options: 





--pref ix=/usr 
--sysconfdi r=/etc 
--1 ocal stated! r=/var 
--rriandir=/usr/share/rrian 






• zl i b option: - -wi th -zl i b 

• Apache option: If you are installing PHP for use with Apache, use 
the following option: - with apxs or - -with-apxs2. 

Therefore, the most likely configuration command that you should use is 


. /conf i gure 


--prefix=/usr --sysconfdi r=/etc 






--1 ocal s 

--with- 


tatedi r=/v 
apxs --wit 


ar --mand" 
h-zl ib 


i r=/usr/share/nian 




You also need to use an option to include MySQL support. Use one of the 
following options: 


- -wi th -mysql =DI R 
- -wi th -mysql i =DI R 







Use mysql if you're using MySQL 4.0 or earlier; use mysql i if you're 
using MySQL 4. 1 or later. D I R is the path to the appropriate MySQL 
directory. When using w i t h - my s q 1 , use the path to the directory where 
mysql is installed, as follows: 

- -w i th - my sql=/ user/ local /mysql 

When using w i t h - my s q 1 i , use the path to the file named 

mysql_conf i g. 

You can type the configure command on one line. If you use more than 
one line, type a \ at the end of each line. 

You will see many lines of output. Wait until the configure command 
has completed. This may take a few minutes. 
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^ViG! If the a pxs utility isn't installed in the expected location, you see 

an error message, indicating that a pxs could not be found. If you get 
^\ lytb** error message, check the location where a pxs is installed 
\J l^'v^d / name a pxs) and include the path in the wi th a pxs option 

of the configure command: --with-apxs = /usr/sbin/apxs. 

You might need to use many other options, such as options for the data- 
base that you're using or options that change the directories where PHP 
is installed. These configure options are discussed in the section, 
"Installation Options," later in this Appendix. 

10. Type make. 

You will see many lines of output. Wait until it is finished. This might 
take a few minutes. 

11. Type sudo make install. 



hstattation Options 

The previous sections give you steps to quickly install PHP with the options 
needed for the applications in this book. However, you might want to install 
PHP differently. For instance, all the PHP programs and files are installed in 
their default locations, but you might need to install PHP in different loca- 
tions. Or you might be planning applications using additional software. You 
can use additional command line options if you need to configure PHP for 
your specific needs. Just add the options to the command shown in Step 13 
of the Unix/Linux installation instructions or Step 9 in the Mac installation 
instructions. In general, the order of the options in the command line doesn't 
matter. Table B-1 shows the most commonly used options for PHP. To see a 
list of all possible options, type . /conf i gure — hel p. 



Table B-1 


PHP Configure Options 


Option 


Tells PHP To 


prefix=PREFIX 


Set main PHP directory to PREFIX. Default 




PREFIXis /usr/local. 


exec-pref i ){=E PREFIX 


Install architecture dependent files in EPREFIX. 




Default EPREFIX is PREFIX. 


bindir=D//? 


Install user executables in DIR. Default is 




EPREFIX /bin. 



(continued) 
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Table B-1 (continued) 



dBoo^ 

1 nfoa 



Tells PHP To 



i r=DIR 



Install info documentation in DIR. Default is 
PREFIX /info. 



mandi r=DIR 



Install man files in DIR. Default is PREFIX /man. 



wi th-conf i g-f i 1 e- 
path=D7/? 



Look for the configuration file (php . i ni ) in D//?. 
Without this option, PHP looks for the configuration 
file in a default location, usually /usr/1 ocal /lib. 



di sabl e- 1 i bxml 



Disables XML support that's included be default. 



enabl e-f tp 



Enable FTP support. 



enabl e-magic-quotes 



Enable automatic escaping of quotes with a 
backslash. 



wi th - 


-dpxs=FILE 


Build a shared Apache module using the 
located at FILE. Default FILEis apxs. 


apxs utility 


wi th - 


-apxs2=r//.f Build a shared Apache 2 module using the apxs 
utility located at FILE. Default FILEis apxs. 


wi th - 


-mysql =D//? 


Enable support for MySQL 4.0 or earlier databases. 
Default D//? where MySQL is located is /usr/ 
1 ocal. 


wi th - 


-mysql i =DIh 


' Enable supportfor MySQL 4.1 or later databases. 

DIR needs to be the path to the file named niysql_ 
conf i g that was installed with 4.1. 



wi th -openssl =D//? 



Enable OpenSSL supportfor a secure server. 
Requires OpenSSL version 0.9.5 or later. 



with-oci8=DIR 



Enable supportfor Oracle 7 or later. Default DIR is 
contained in the environmental variable, ORACLE_ 
HOME. 



wi th -oracl e=D//? 



Enable supportfor earlier versions of Oracle. 
Default DIR is contained in the environmental 
variable, ORACLEJOME. 



wi th -pgsql =D//? 



Enable supportfor PostgreSQL databases. Default 
£)//? where PostgreSQL is located is /usr/1 ocal / 
pgsql. 



wi th-servl et=DIR 



Include servlet support. D//? is the base install 
directory for the JSDK. The Java extension must be 
built as a shared .dll. 
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Configuring Apache for PHP 

DropBooks 

I uration fil 



configure Apache to recognize and run PHP files. An Apacfie config- 
uration file, httpd . conf , is on your system, possibly in /etc or in /usr/ 
local / apache/con f. You must edit this file before PHP can run properly. 

Follow these steps to configure your system for PHP: 

1. Open the httpd. conf file so you can make changes. 

2. Configure Apache to load the PHP module. 

Find the list of LoadModul e statements. Look for the following line: 

LoadModule php5_rnodule 1 i bexec/1 i bphp5 . so . 

If this line isn't there, add it. If a pound sign (#) is at the beginning of the 
line, remove the pound sign. 

3. Configure Apache to recognize PHP extensions. 

You need to tell Apache which files might contain PHP code. Look for a 
section describing AddType. You might see one or more AddType lines 
for other software. Look for the AddType line for PHP, as follows: 

AddType appl i cati on/x-httpd-php .php 

If you find it with a pound sign (#) at the beginning of the line, remove 
the pound sign (#). If you don't find this line, add it to the AddType state- 
ments. This line tells Apache to look for PHP code in all files with a . php 
extension. You can specify any extension or series of extensions. 

4. Start (if it is not running) or restart (if it is running) the Apache httpd 
server. 

You can start or restart the server by using a script that was installed on 
your system during installation. This script might be apachectl or 
httpd. apache, and might be located in / bin or 

/usr/1 ocal /apache/bi n. For example, you might be able to start the 
server by typing apachectl start, restart it by using apachectl 
restart, or stop it by using apachectl stop. Sometimes restarting is 
not sufficient; you must stop the server first and then start it. 



On Windows 



PHP runs on Windows 98/Me and Windows NT/2000/XP It does not run on 
Windows 3.1. Windows 95 is no longer supported as of PHP 4.3.0. 
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To install PHP 5 on Windows with MySQL support, you download a Zip file 
that contains all the necessary files for PHP, The following steps show how to 
P on Windows: 



Point your Web browser at www .php.net. 

2. Click Download. 

3. Go to the Windows Binaries section. Click the download link for 
the Sip package for the most recent version of PHP (as of this 
writing, 5.0.0). 

4. Click the link for a mirror Web site from which to download the Hie 
and choose the site closest to your location. 

A dialog box opens. 

5. Select the option to save the Hie. 

A dialog box opens that lets you select where the file will be saved. 

6. Navigate to where you want the file to be downloaded. This should be 
a temporary location, such as a download directory. Then click Save. 

After the download is complete, you see a file in the download location 
containing all the files needed. The file is named php, followed by the 
version number and win32.zip. For the current version, the file is 
named php5 . 0 . 0-Wi n32 . zip-. 

7. Extract the files from the .zip file into the directory where you want 
PHP to be installed, such as c : \ php. 

If you double click the .zip file, it should open in the software on your 
computer that extracts files from .zip files, such as WinZip or PKZIP. 
Select the menu item for extract and select the directory into which the 
files are to be extracted. C : \ php is a good choice for installation 
because many configuration files assume that's where PHP is installed, 
so the default settings are more likely to be correct. 

It's best not to install PHP in a directory with a space in the path, such 
as in Program Files/PHP. It sometimes causes problems. 

You now have a directory with several subdirectories that contain the 
files that you need. 

8. Copy the file required for MySQL to the PHP main directory. 

The file is located in the ext subdirectory in the directory where PHP is 
installed. Copy one of the following files, depending on which version of 
MySQL you're using: 



ext\php_rTiysql . dl 1 
ext\php_rnysql i . dl 1 



(for MySQL 4.0 or earlier) 
(for MySQL 4.1 or later) 
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Copy the two files into the main PHP directory, such as c : \ php. 

I Another file is required for MySQL support, named 1 i bmysql . dl 1 . This 
^\ L^i^^hould already be located in the main PHP directory. If it isn't there, 

' \^«need to find it and copy it there. If it's not in your PHP directory, it's 
usually installed with MySQL, so find it in the directory where MySQL 
was installed, perhaps in a bin subdirectory, such as c : \niysql \bi n. 

Occasionally PHP needs DLL files that it can't find. When this happens, 
PHP displays an error message when you run a PHP program, saying 
that it can't find a particular DLL. You can usually find the DLL in the ext 
subdirectory and copy it into the main PHP directory. 

9. Configure your Web server. 

The next section provides instructions for configuring your Web server. 
10. Configure PHP. 

Follow the directions in the section later in this chapter. 



Configuring Hour Web Seri/er for PHP 

Your Web server needs to be configured to recognize PHP scripts and run 
them. Follow the steps in the section for your Web server: 

■ 

Configuring^ Apache 

You must edit an Apache configuration file, called httpd . conf , before PHP 
can run properly To configure Apache for PHP, follow these steps: 

1. Open httpd . conf for editing. 

You might be able to edit it by choosing StartOProgramsOApache 
HTTPD ServerOConfigure Apache ServerOEdit Configuration. 

If Edit Configuration isn't on your Start menu, find the httpd. conf file 
on your hard disk, usually in the directory where Apache is installed, in 
a conf subdirectory (for example, c : \prog ram f i 1 es\Apache group\ 
Apache\conf). Open this file in an editor, such as Notepad or WordPad. 

2. Set up a nickname for the directory where PHP is installed. 

AScriptAlias statement is used to set up a name for the directory 
where PHP is installed. Look for Scri ptAl i as statements in the 
httpd. conf file. You might see some for other software. If you don't see 
one for PHP, add the following: 

ScriptAlias /php/ "c:/php/" 
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The first argument is the name, and the second is what it represents. In 
this statement, the name / p h p / is used to mean c : / p h p / . Notice that 
,che prefers forward slashes. Also, note that the directory path with 
lecial character (the colon) in it is enclosed in double quotes. 



3. Configure Apache to run PHP when it encounters a Hie that is a PHP 
program. 

An Act i on statement is used to tell Apache to run PHP when it encoun- 
ters a file that is a PHP program. If you don't find an Act i on statement 
for PHP, add the following: 

Action appl i cati on/x-httpd-php /php/php-cgi .exe 

Prior to PHP 5, the PHP interpreter was named php.exe.lf you're 
installing an earlier version of PHP, the line should end with php . exe, 
rather than phpcgi .exe. If you find an action line for PHP in your 
httpd.conf file, be sure that it uses the correct PHP interpreter name 
for the version of PHP that you're installing. 

Notice that the Acti on statement uses the name defined in the 
Scri ptAl i as statement. It locates php cgi . exe in /php/, which means 
c : /php/. If you change the Scri ptAl i as statement to say c : /php27/, 
the Acti on statement would then look for phpcgi .exe in c : / php27. 

4. You need to tell Apache which Hies are PHP programs. 

Look for a section describing AddType. This section might contain one 
or more AddType lines for other software. The AddType line for PHP is 



AddType appl 


i cati on/x 


-httpd-php .php 





Look for this line. If you find it with a pound sign (#) at the beginning of 
the line, remove the pound sign. If you don't find the line, add it to the 
list of AddType statements. You can specify any extension or series of 
extensions. 

This line tells Apache that files with the .php extension are files of the 
type appl i cati on/x-httpd-php. Apache then looks at the Acti on 
statement from Step 2 and knows that files of this type should be run 
using the program /php/php . exe. 

5. Start (if it is not running) or restart (if it is running) Apache. 

You can start it as a service on Windows NT/2000 by choosing StartO 
ProgramsOApache HTTPD ServerOControl Apache Server and then 
selecting Start or Restart. 

Or you can start it on Windows 98/ME by choosing StartOProgramsO 
Apache Web ServerOManagement. 

Sometimes restarting Apache is not sufficient; you must stop it first and 
then start it. In addition, your computer is undoubtedly set up so that 
Apache will start whenever the computer starts. Therefore, you can shut 
down and then start your computer to restart Apache. 
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Configuring US 

I p Q Qaji^^ure IIS to work with PHP, follow these steps: 



1. Enter the IIS Management Console. 

You should be able to enter by choosing StartOProgramsO 
Administrative ToolsOInternet Services Manager or StartOSettingsO 
Control Panel OAdministrative TooIsCInternet Services Manager. 

2. Right-click your Web site (such as Default Web Site). 

3. Select Properties. 

4. Select the Home Directory tab. 

5. Click the Configuration button. 

6. Choose the App Mappings tab. 

7. Click Add. 

8. In the Executable box, type the path to the PHP interpreter: for exam- 
ple, type c:\php\php-cgi.exe. 

9. In the Extension box, type .php. 

This will be the extension that is associated with PHP scripts. 

10. Select the Script Engine check box. 

11. Click OK. 

Repeat Steps 6-10 if you want any additional extensions, in addition to 
. p h p , to be processed by PHP, such as . p h t m 1 . 



Configuring PHP 

PHP uses settings in a file named php . i ni to control some of its behavior. 
PHP looks for php . i ni when it begins and uses the settings that it finds. 
If PHP can't find the file, it uses a set of default settings. 

The default location for the php.ini file is one of the following unless you 
change it during installation: 

Windows: The system directory, depending on the Windows version, as 
follows: 

• Windows 98/Me/XP: wi ndows 

• Windows NT/2000: wi nnt 
Unix/Linux/Mac: / usr/local/lib 
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If the ph p . i n i file isn't installed during installation, you need to install it now. 
A configuration file with default settings, called php . i ni di st, is included in 
^distribution. Copy this file into the appropriate location, such as the 
cations mentioned above, changing its name to p h p . i n i . 




If you have a previous version of PHP installed (such as PHP 4.3), make a 
backup copy of the p h p . i n i file before you overwrite it with the p h p . i ni file 
for PHP 5. You can then see the settings you are currently using and change 
the settings in the new php . i ni file to match the current settings. 

To configure PHP, follow these steps. 



1. Open the php . i ni file for editing. 



Activate mysql ormysqli support. 

Look for a list of extensions. Find the line for mysql (if you're 
MySQL 4.0 or earlier) or for mysql i (if you're using MySQL 4 
as follows: 


! using 

.1 or later), 


; extensi on=php_mysql . dl 1 
;extensi on=php_mysql i . dl 1 


m 




Notice the semicolon (;) at the beginning of the lines. To activate the 
extension, remove the semicolon. If the extension line isn't in your 
nhn . i ni file, add it- 


Only if you're using PHP witii tiie IIS Web server, turn off 1 
rect. Find the line: 


Force redi- 


; cgi . f orce_redi rect = 


1 




You need to remove the semicolon so that the settings is active, and also 
change the 1 to 0. After the changes, the line looks as follows: 



cgi . force_redi rect = 0 



4. Save the php . i ni file. 

5. You might need to restart the Apache server before the new settings 
go into effect. 



In general, the remaining default settings allow PHP to run okay, but you 
might need to edit some of these settings for specific reasons. 1 discuss 
settings in the p h p . i n i file throughout the book when I discuss a topic that 
might require you to change settings. For example, PHP error-handling 
actions can be changed by settings in the php . i ni file. The possible settings 
for error handling and their effects are discussed in Chapter 4. 
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JM pache is an open-source Web server. A Web server delivers the files on 
r \ the Web site to the visitor who wants to see the Web pages. 

In most cases, you want to get Apache from the Web and install it yourself. 
Although Apache may already be installed on your computer (because most 
Linux distributions and Mac OS X include Apache), it's unlikely to be the 
latest version. Or Apache may not have been installed with the options you 
need. Because of this, you're often better off installing Apache yourself. 



Selecting a Version of Apache 

Apache is currently available in two versions: Apache 1.3 and Apache 2. 
Apache 2 is the newer version, released in April 2002. Apache 2 is not sup- 
ported on Windows 9x installations; it requires Windows NT/2000/XP. 

Many Linux distributions come with Apache 2 installed. However, as of this 
writing, the PHP Web site cautions against using Apache 2 with PHP in a pro- 
duction environment. Check the Web page for the current status of PHP with 
Apache 2 at www .php.net/manual/en/ install .apache2.php#install . 
apache2 . uni x. 

At this time, the current versions are 

11^ Apache 2.0.47 
;^ Apache 1.3.28 

Try to install the most current Apache version so that your Apache server 
includes all the latest security and bug fixes. New features are no longer 
being added to Apache 1.3, but bugs are still being fixed and security issues 
are being addressed. New versions of Apache 1.3 continue to be released but 
on a less frequent basis than for Apache 2. 
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I available 



an be downloaded and installed on your Web server for free. It's 
available for almost every operating system, including Windows, Linux, many 
flavors of Unix, and Mac. 



On Linux/UniK 

To install Apache on Linux and Unix, you download the source code, compile 
it, and install it. This sounds daunting but is much easier than it sounds. 

Before installing 

Before installing Apache, check the following requirements: 

Disk space: You may need as much as 50MB of disk space while 
installing. Apache will probably use 10MB after installation, although the 
amount varies depending on the options used and modules installed. 

1^ C compiler: Your computer has an ANSI-compliant C compiler installed. 
GNU C (gcc) is a good choice. 

Installing 

To install Apache from source files, follow these steps: 

1. Point your Web browser to httpd. apache. org, the Apache home 
page. 

2. Click the From a Mirror link under Download on the left side of 
the page. 

3. Scroll down to the Mirror section. 

A specific mirror is selected for you. If you don't want to use this mirror, 
select another. Or if you have problems downloading from this mirror, 
return to this page and select another. 

4. Scroll further down the same page to the section for Apache 2 or for 
Apache 1.3, whichever you want to install. Locate and highlight the 
file you want to download. 

For instance, at this time, the most recent version of Apache 1.3 for 
Linux isapache-1.3.28.tar.gz. 

5. Click the latest version to download it. 

6. Select the option to save the Hie. 

7. Navigate to where you want to save the source code (for example, 
/ us r/s rc). Then click Save. 
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8. After the download, change to the download directory (for example, 

cd/usr/src). 

see a file named apache-, followed by the version name and 
gz. This file is called a tarball because it contains many files com- 
pressed into the tarball file by a program called tar. 

Be sure you're using an account that has permission to write into 
/usr/src, such as root. 

9. Verify the downloaded file to be sure it hasn't been tampered with. To 
verify the file, follow these steps: 

a. Download two files from www .apache.org/dist/httpd/: One file 
to download is named KEYS. The second file is named with the 
same file name, including version number, as the source, but the 
filename ends in . asc. 

b. Type one of the following lines, depending on which version of PGP 
is installed on your computer: 

pgp <KEYS J| 

gpg --import KEYS " 

Several lines of output are displayed. 

c. Type one of the following lines, with the correct version number. 

pgp apache-1 . 3 . 28 . tar . gz . asc 

gpg --verify apache-1 . 3 . 28 . tar . gz . asc 

You should see something similar to the following: 

Good signature from user "Sander Striker" 

This is what you are looking for Several messages will probably be 
displayed, but the preceding message is the important one. You 
might also see a message stating that the relationship between the 
key and the signer of the key cannot be verified. This is okay. 

If you don't get a message that the signature is good, the file might 
have been tempered with and may be dangerous. In this case, 
repeat the process starting with Step 1 and select a different mirror 
to download from. 

10. Unpack the tarball. 

The command to unpack the tarball for version 1.3.28 is the following: 

gunzip -c apache-1 .3. 28. tar. gz | tar -xf - 

A new directory called apache-1.3.28is created with several subdirec- 
tories containing all the files that you just unpacked from the tarball. 

11. Change to the new directory that was created when you unpacked 
the tarball. 
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For example, you can use a command like the following: 
cd apache- 1 . 3 . 28 

the conf i gure command. 



The configure command consists of ./configure followed by all the 
necessary options. If you can use all the default options, you can use 
conf i gure without any options. However, to use Apache with PHP as a 
module, use the configure command as follows: 

./configure - -enabl e-modul e=so 

One of the more important installation options you may want to use 
is prefix, which sets a different location where you want Apache to 
be installed. By default. Apache is installed at / usr/1 ocal / apache or 



the following line: 




./configure --prefix=/software/( 


apache 




You can see a list of all the available options by typing the following line: 


./configure --help 






This script may take a while to finish running. As it runs, it displays 
output. When the script is done, the system prompt is displayed. If 
conf i gure encounters a problem, it displays a descriptive error 


message. 

Type the following command: 






make 








This command builds the Apache server It may take several minutes to 
finish running. As it runs, it displays messages telling you what it's 



doing. There may be occasional longer pauses as it completes some 
action. When it's finished, it returns to the system prompt. If it has a 
problem, it displays a descriptive error message. 

14. Type the following command: 

make install 

This command installs the Apache software in the proper locations, 
based on the conf i gure command you used in Step 11. 

15. Start the Apache Web server. 

See the following section, "Starting and Stopping Apache," for details. 

16. Type the URL for your Web site (for example, www . my s 1 te . com or 
1 ocal host) into a browser to test Apache. 

If all goes well, you see the Apache message telling you that Apache is 
working. 
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Starting and stopping Apache 

A script named apachectl is available to control the server. By default, the 
I 1 }r\ ^^n^t^^tored in a subdirectory called bin in the directory where Apache is 

' >*ltaH%« Some Linux distributions may put it in another directory. 

The script requires a keyword. The most common keywords are start, stop, 
and restart. The general syntax is as follows: 

pat/7/apachectl keyword 

For example, if Apache was installed in the default directory, type the follow- 
ing line to start Apache: 

/usr/local/apache/bin/apachectl start 
Starting Apache 

The apachectl script starts the Apache server, which then runs in the back- 
ground, listening for HTTP requests. By default, the compiled Apache server 
is named httpd and is stored in the same directory as the apachectl script, 
although you can change the name and location when you install Apache. The 
apachectl script serves as an interface to the compiled server, called httpd. 

You can run the httpd server directly, but it's better to use apachectl as 
an interface. The apachectl script manages and checks data that httpd 
commands require. Use the apachectl script to start Apache with the fol- 
lowing command: 

/usr/local/apache/bin/apachectl start 

The apachectl script contains a line that runs httpd. By default, apachectl 
looks for httpd in the default location — /usr/1 ocal /apache/bi n or 
/usr/local/apache2/bin.lf you installed Apache in a nonstandard loca- 
tion, you may need to edit apachectl to use the correct path. Open 
apachectl and then search for the following line: 

HTTPD=' /usr/1 ocal /apache2/bin /httpd' 

Change the path to the location where you installed httpd. For example, the 
new line might be this: 

HTTPD=' /us r /my stuff /bin /httpd' 

After you start Apache, you can check whether Apache is running by looking 
at the processes on your computer. Type the following command to display a 
list of the processes that are running: 

ps -A 

If Apache is running, the list of processes includes some httpd processes. 
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Getting information from Apache 

Yon can use options with the httpd server to obtain information about 
Tiffefh^^or instance, you can find out what version of Apache is installed by 
jKiRnlgtag to the directory with httpd and typing 

httpd -V 

Or, probably, ./httpd v. You can find out what modules are installed with 
Apache by typing the following: 



httpd -1 

To see all the options that are available, type the following: 

httpd -h 
Restarting Apache 

Whenever you change the configuration file, the new directives take effect 
the next time Apache starts. If Apache is shut down when you make the 
changes, you can start Apache as described earlier in "Starting Apache." 
However, if Apache is running, you can't use start to restart it. Using start 
results in an error message saying that Apache is already running. You can 
use the following command to restart Apache when it's currently running: 









/usr/1 ocal /apach 


e2/bi n/ap 


achectl re 


start 











Although the restart command usually works, sometimes it doesn't. If you 
restart Apache and the new settings don't seem to be in effect, try stopping 
Apache and starting it again. Sometimes this solves the problem. 

Stopping Apache 

To stop Apache, use the following command: 

/usr/1 ocal /apache/bin/apachectl stop 

You can check to see that Apache is stopped by checking the processes that 
are running on your computer by using the following command: 

ps -A 

The output from ps should not include any httpd processes. 



On Windows 

You can install Apache on almost any version of Windows, although Windows 
NT/2000/XP are preferred. 
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Instattin^ 

' ' " Apache, follow these steps: 

t your Web browser to httpd .apache . org, the Apache home 
page. 

2. Click the From a Mirror link under Download on the left side of 
the page. 

3. Scroll down to the Mirror section. 

A specific mirror is selected for you. If you don't want to use this mirror, 
select another. Or if you have problems downloading from this mirror, 
return to this page and select another 

4. Scroll further down the same page to the section for Apache 2 or for 
Apache 1.3, whichever you want to install. Locate and highlight the 
line for Win 32 Binary (MSI installer). 

For instance, at this time, the most recent version of Apache 1.3 for 
Windows is apache_l . 3 . 28. 

5. Click the filename to download it. 

6. Select the option to save the file. 

7. Navigate to where you want to save the installer. This should be a tem- 
porary directory, such as a download directory. Then click Save. 

After the download is complete, you see a file in the download location 
containing all the files needed. The file is named apache, followed by the 
version number and wi n32-x86 no_src .msi . For the current version, 
the file is named apache_l . 3 . 28-wi n32-x86-no_src . msi . 

8. Double-click the downloaded file. 

The Apache installation wizard begins, and a welcome screen is 
displayed. 

9. Click Next. 

The license agreement is displayed. 

10. Select I Accept the Terms in the License Agreements and then 
click Next. 

If you don't accept the terms, you can't install the software. 
A screen of information about Apache is displayed. 

11. Click Next. 

A screen is displayed asking for information. 

12. Enter the requested information and then click Next. 
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The information requested is 



)ks 



Domain Name: Type your domain name, such as 
MyFineCompany.com. If you're installing Apache for testing pur- 
poses and plan only to access it from the same machine where it's 
installed, you can enter localhost. 

• Server Name: Type the name of the server where you're installing 
Apache, such as www.MyFineCompany.com or 
sl.mycompany.com. If you're installing Apache for testing pur- 
poses and plan only to access it from the same machine where it's 
installed, you can enter localhost. 

• E-mail Address: Type the e-mail address that you want to receive 
e-mail message about the Web server, such as Webserver® 
MyFineCompany.com. 

• Run Mode: Select whether you want Apache to run as a service, 
starting automatically when the computer boots up, or whether 
you want to start Apache manually when you want to use it. 

In most cases, you want the first choice — to run Apache as a 
service. 

The installation type screen is displayed. 

13. Select an installation type and click Next. 

In most cases, you should select Complete. Only advanced users who 
understand Apache well should select Custom. 

A screen showing where Apache is to be installed is displayed. 

14. Select the directory where you want Apache installed and click Next. 

You see the default installation directory for Apache, usually 
C:\Prograrn Files\Apache Group. If this is okay, click Next. If you 
want Apache installed in a different directory, click Change and select a 
different directory, click OK, and click Next. 

A screen is displayed that says the wizard is ready to install Apache. 

15. Click Install. 

If you need to, you can go back and change any of the information you 
entered before proceeding with the installation. 

A screen displays the progress while Apache is being installed. When the 
installation is complete, a screen is displayed saying that the wizard has 
successfully completed the installation. 

16. Click Finish to exit the installation wizard. 



Apache is installed on your computer based on your operating system. If you 
install it on Windows NT/2000/XP, it is automatically installed as a service 
that automatically starts when your computer starts. If you install it on 
Windows 95/98/Me, you need to start it manually or set it up so that it starts 
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automatically when your computer boots. See the next section, "Starting and 
stopping Apache," for more information. 



When you install Apache on Windows NT/2000/XP, it's automatically installed 
as a service and started. It's ready to use. You can test it by typing your Web 
site name (or localhost) into your browser window. You see a welcome Web 
page that reads, "If you can see this, it means that the installation of the 
Apache Web server software on this system was successful." On Windows 
95/98/Me, you have to start Apache manually, using the menu. 

Apache installs menu items for stopping and starting Apache during installa- 
tion. You can find this menu at StartOProgramsOApache HTTP ServerO 
Control Apache Server 

The menu you use to start and stop Apache provides the following menu 
items: 

Start: Used to start Apache when it is not running. If you click this item 
when Apache is running, you see an error message saying that Apache 
has already been started. 

Stop: Used to stop Apache when it is running. If you click this item when 
Apache is not running, you see an error message saying that Apache is 
not running. 

Restart: Used to restart Apache when it is running. If you make changes 
to Apache's configuration, you need to restart Apache before the 
changes become effective. 

Getting information from Apache 

Sometimes you want to know information about your Apache installation, 
such as the version that's installed. You can get this information from Apache 
by opening a command prompt window (StartOProgramsOAccessoriesO 
Command Prompt), changing to the directory where Apache is installed 
(such as, cd C:\Apache), and accessing Apache with options. For example, 
to find out which version of Apache is installed, type the following in the 
command prompt window: 

Apache -v 

To find out what modules are compiled into Apache, type 

Apache -1 

You can also start and stop Apache directly, as follows: 




Apache -k start 
Apache -k stop 
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On Mac 



You can see all the options available by typing the following: 

h 



Installing Apache on the Mac is very similar to installing Apache on 
Unix/Linux. You download the source code and compile it. To install Apache 
on the Mac, follow these steps: 

1. Download the source code, save it in a directory, and cliange to the 
directory where the downloaded Hie is saved. 

Follow Steps 1-8 of the directions for Unix/Linux. 

You will see a file named httpd, followed by the version name and 
tar . gz, such as, httpd-1.3.28.tar.gz. This file is the tarball — a 
single file that contains all the files needed, compressed into one file. 

2. Unpack the tarball by using a command similar to the following: 

gnutar -xzf /httpd_l . 3 . 28 . tar . gz 

After unpacking the tarball, you see a directory called httpd_l .3.28. 
This directory contains several subdirectories and many files. 

3. Use a cd command to change to the new directory created when you 
unpacked the tarball (for example, cd httpd 1 . 3 . 28). 

4. Type the following command: 

./configure - -enabl e-modul e=rriost --enable-shared=max 
This command may take some time to run. 

5. Type the following command to build the Apache server: 

make 

This command may take a few minutes to run. It displays messages while 
it is running, with occasional pauses for a process to finish running. 

6. Type the following command to install Apache: 

sudo make install 

7. Start the Apache Web server. 

See the section, "Starting and Stopping Apache," under Unix/Linux for 
details. 

8. Type the URL for your Web site (for example, www . my s i te . com or 
1 oca 1 host) into a browser to test Apache. 

If all goes well, you see a Web page telling you that Apache is working. 
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Configuring Apache 

DropBooks 

I can't reac 



ache starts, it reads information from a configuration file. If Apache 
can't read the configuration file, it can't start. Unless you tell Apache to use a 
different configuration file, it looks for the file conf/httpd.confin the direc- 
tory where Apache is installed. 



Chan0in0 settings 

Apache behaves according to commands, called directives, in the configura- 
tion file. You can change some of Apache's behavior by editing the configura- 
tion file and restarting Apache so that it reads the new directives. 

The configuration file is a text file containing commands called directives. 
Apache behaves according to the directives in this file. In most cases, the 
default settings allow Apache to start and run on your system. However, you 
may need to change the settings in some cases. Some reasons you might 
want to change the settings are 

1^ Installing PHP: If you install PHP, you need to configure Apache to rec- 
ognize PHP programs. How to change the Apache configuration for PHP 
is described in Appendix B. 

Changing your Web space: Apache looks for Web page files in a specific 
directory and its subdirectories, often called your Web space. You can 
change the location of your Web space. 

1^ Changing the port where Apache listens: By default. Apache listens 
for file requests on port 80. You can configure Apache to listen on a 
different port. 

To change any settings, edit the file httpd . conf . On Windows, you can 
access this file through the menu at StartOProgramsOApache HTTPD 
ServerOConfigure Apache ServerOEdit the Apache httpd. conf File. When you 
click this menu item, the httpd .conf file is opened in Notepad. 

The httpd. conf file has comments (beginning with #) that describe the 
directives, but you should be sure you understand their function before 
changing any. All directives are documented on the Apache Web site. 

When adding or change file path/names, use forward slashes, even when the 
directory is on Windows. Apache can figure it out. Also, path/names don't 
need to be in quotes unless they include special characters. A colon (:) is a 
special character; the underscore (_) and hyphen (-) are not. For instance, to 
indicate a Windows directory, you would use something like the following: 

"c : /temp/mydi r" 
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Remember to restart Apache after you change any settings. The settings 
don't go into effect until Apache is restarted. Sometimes using the restart 

doesn't work to change the settings. If the new settings don't seem 
_^ffect, try stopping the server with stop and then starting it with 

start. 
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Cfian^in^ the location of i^our Web space 

By default, Apache looks for your Web page files in the subdirectory htdocs 
in the directory where Apache is installed. You can change this with the 
DocumentRoot directive. Look for the line that begins with DocumentRoot, 
such as the following: 



DocumentRoot "C:/Prograrn Files/Apache Group/Apache/h 


tdocs" 


Change the file path/name to the location where you want to store your Web 
page files. Don't include a forward slash (/) on the end of the directory path. 
For example, the following might be your new directive: 


DocumentRoot /usr/mysrver/Apache2/webpages 




Cfian0in0 the port number 




By default. Apache listens on port 80. You might want to change this, for 
instance, if you are setting up a second Apache server for testing purposes. 
The port is set by using the Listen directive as follows: 


Listen 80 





With Apache 2, the Li sten directive is required. If no Li sten directive is 
included. Apache 2 won't start. 



You can change the port number as follows: 

Listen 8080 

Remember to restart Apache after you change any directives. 
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